Closed Fxyer closed 3 years ago
From what I can see, the code is:

```python
req = requests.get(self.url+'/?redirect:https://www.baidu.com/%23', timeout=TMOUT, verify=False)
if req.status_code == 302:
    # Message: "target has the struts2-017 vulnerability.. (detection only)"
    cprint("目标存在struts2-017漏洞..(只提供检测)", "red")
    filecontent.writelines("struts2-017 success!!!\n")
```

Yet many servers on the public internet return a 302 redirect to baidu no matter what the request is ....

```
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 15 Apr 2020 07:44:12 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: http://www.baidu.com/
```
The false positive rate is very low, so I don't plan to change it for now.
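One way to separate the blanket-redirect case reported in this issue from a redirect actually caused by the `redirect:` parameter, as an added example that is not part of the thread or the project's code. `Resp` and `classify` are hypothetical names; `Resp` stands in for a response fetched without following redirects, and the baseline is assumed to be a request to the same URL without the `redirect:` parameter. The sample responses are constructed.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Redirect target injected by the check quoted in the issue.
PROBE_TARGET = "https://www.baidu.com/%23"
REDIRECT_CODES = {301, 302, 303, 307, 308}


@dataclass
class Resp:
    """Hypothetical stand-in for an HTTP response (redirects not followed)."""
    status: int
    location: Optional[str] = None


def points_at(location: str, target: str) -> bool:
    """True when Location uses the same scheme and host as the injected target."""
    got, want = urlsplit(location), urlsplit(target)
    return (got.scheme.lower(), got.hostname) == (want.scheme.lower(), want.hostname)


def classify(baseline: Resp, probe: Resp, target: str = PROBE_TARGET) -> str:
    """Compare the probe response with a baseline taken without the parameter."""
    if probe.status != 302 or not probe.location:
        return "no_redirect"
    # The server sends the same redirect with or without the parameter,
    # so the 302 says nothing about how the parameter was handled.
    if baseline.status in REDIRECT_CODES and baseline.location == probe.location:
        return "blanket_redirect"
    # A redirect that does not lead to the injected target is unrelated.
    if not points_at(probe.location, target):
        return "unrelated_redirect"
    return "likely_vulnerable"


if __name__ == "__main__":
    # Constructed samples; the first pair mirrors the response shown in the issue.
    blanket = Resp(302, "http://www.baidu.com/")
    print(classify(blanket, blanket))
    print(classify(Resp(200), Resp(302, "https://www.baidu.com/#.action")))
    print(classify(Resp(200), Resp(302, "/login")))
```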