using System.Drawing;
namespace Reecon
{
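class AJP13 // 8009 - Just AJP?
{
    /// <summary>
    /// Reports whether the target looks exposed to CVE-2020-1938 ("Ghostcat").
    /// </summary>
    /// <remarks>
    /// The verdict is a version heuristic: it is derived from the Tomcat version shown in
    /// an HTTP page title, and no AJP traffic is sent. Whether the AJP connector is actually
    /// reachable or restricted is not tested, so a hit should be treated as a lead to verify,
    /// and a miss (hidden banner, no HTTP listener on 80/8080) is not proof of safety.
    /// </remarks>
    /// <param name="target">Host name or address to probe.</param>
    /// <param name="port">Port the service was found on. Currently unused: the check goes to HTTP on port 80, then 8080.</param>
    /// <returns>A (service name, description) pair for the scan report.</returns>
    public static (string, string) GetInfo(string target, int port)
    {
        // https://nvd.nist.gov/vuln/detail/cve-2020-1938
        // https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
        if (CheckGhostcat(target))
        {
            // The service label was misspelled "AFJP13" here; both branches now report "AJP13".
            return ("AJP13", "-- Vulnerable to CVE-2020-1938!".Recolor(Color.Orange));
        }

        return ("AJP13", "-- No useful info :<");
    }

    /// <summary>
    /// Fetches the target's HTTP page title and checks the advertised Tomcat version
    /// against the releases affected by CVE-2020-1938.
    /// </summary>
    /// <param name="target">Host name or address to probe.</param>
    /// <returns>
    /// <c>true</c> when the title advertises an affected Tomcat version; <c>false</c> when no
    /// response is obtained, the title is not a Tomcat banner, or the version cannot be parsed.
    /// </returns>
    private static bool CheckGhostcat(string target)
    {
        // A StatusCode of 0 is treated as "no usable response" (presumably a failed request;
        // confirm against Web.GetHTTPInfo), in which case port 8080 is tried next.
        var httpInfo = Web.GetHTTPInfo($"http://{target}/");
        if (httpInfo.StatusCode == 0)
        {
            httpInfo = Web.GetHTTPInfo($"http://{target}:8080/");
            if (httpInfo.StatusCode == 0)
            {
                return false;
            }
        }

        return TryParseTomcatVersion(httpInfo.PageTitle, out System.Version tomcatVersion)
            && IsGhostcatAffected(tomcatVersion);
    }

    /// <summary>
    /// Extracts the numeric version from a title such as "Apache Tomcat/9.0.30".
    /// </summary>
    /// <param name="pageTitle">Page title returned by the HTTP probe; may be null or empty.</param>
    /// <param name="version">The parsed version, or null when parsing fails.</param>
    /// <returns><c>true</c> when a version was parsed.</returns>
    private static bool TryParseTomcatVersion(string pageTitle, out System.Version version)
    {
        const string bannerPrefix = "Apache Tomcat/";
        version = null;

        if (string.IsNullOrEmpty(pageTitle)
            || !pageTitle.StartsWith(bannerPrefix, System.StringComparison.Ordinal))
        {
            return false;
        }

        // Keep only the leading digits-and-dots run so that trailing text (a milestone tag
        // like ".M1", or any suffix after the version) does not make the parse throw and
        // abort the scan of this port.
        int end = bannerPrefix.Length;
        while (end < pageTitle.Length
            && (pageTitle[end] == '.' || (pageTitle[end] >= '0' && pageTitle[end] <= '9')))
        {
            end++;
        }

        string numericPart = pageTitle
            .Substring(bannerPrefix.Length, end - bannerPrefix.Length)
            .TrimEnd('.');

        return System.Version.TryParse(numericPart, out version);
    }

    /// <summary>
    /// Applies the affected-version ranges for CVE-2020-1938.
    /// </summary>
    /// <remarks>
    /// Affected: 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99; the advisory's
    /// upgrade targets are 9.0.31, 8.5.51 and 7.0.100. 6.* is EOL and unpatched, so it is
    /// always reported. Major versions above 9 are not reported.
    /// </remarks>
    private static bool IsGhostcatAffected(System.Version tomcatVersion)
    {
        switch (tomcatVersion.Major)
        {
            case 7:
                // Below 7.0.100
                return tomcatVersion < new System.Version(7, 0, 100);
            case 8:
                // Below 8.5.51
                return tomcatVersion < new System.Version(8, 5, 51);
            case 9:
                // Below 9.0.31
                return tomcatVersion < new System.Version(9, 0, 31);
            default:
                return tomcatVersion.Major <= 6;
        }
    }
}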
}