Merge pull request #12 from JrDw0/patch-1
Fix false positives for s2-009,012
HatBoy authored Sep 14, 2020
2 parents 11e903b + e209146 commit 0c00054
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions Struts2Scan.py
Expand Up @@ -211,11 +211,12 @@ def get_hash():

def echo_check(self):
"""通过echo输出检查漏洞是否存在"""
hash_str = get_hash()
html = self.exec_cmd("echo " + hash_str)
num1 = random.randint(10000, 100000)
num2 = random.randint(10000, 100000)
html = self.exec_cmd(f"echo `expr {num1} + {num2}]`")
if html.startswith("ERROR:"):
return html
elif hash_str in html:
elif str(num1 + num2) in html:
return True
else:
return False
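Review bot: The new command string in echo_check has a stray `]` after `{num2}`, so the target would run `expr <num1> + <num2>]`. With a non-numeric operand, expr reports an error instead of printing the sum, so `str(num1 + num2) in html` can never match and the check would return False even on a vulnerable target, trading the false positives for false negatives. Suggest `html = self.exec_cmd(f"echo `expr {num1} + {num2}`")`. Two smaller points: backtick substitution and expr only work when the command is interpreted by a POSIX shell, while the replaced `"echo " + hash_str` did not depend on one, so a note in the docstring (or a fallback to the old probe) would help for other targets; and with `hash_str = get_hash()` removed, it is worth checking whether get_hash() still has other callers. Since the sum can be as short as five digits, a substring match against the whole response could still hit unrelated page content; wrapping the result in fixed delimiters and matching on those would keep the false-positive fix tight.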