This is an autotest poc for CVE-2017-10271. Having been tested on CentOS 7 and Windows 7/10.
This project is written in rust language. You need to install rust environment from https://www.rust-lang.org/ first and then build the project with the following code.
$ cargo build --releaseThen you can get binary at target/release/cve-2017-10271-poc.
You can get help message by directly execute
$ cve-2017-10271-pocConsider You have a site http://www.test.com/, which is CVE-2017-10271 vulnerable at http://www.test.com/wls-wsat/CoordinatorPortType or http://www.test.com/wls-wsat/CoordinatorPortType11.
To test such site. You can easily test it by executing
$ cve-2017-10271-poc http://www.test.comIf the site is vulnerable, the poc will told you which url is vulnerable. Otherwise it will tell 'Not Vulnerable'
If you want to test many sites, you can append site as arg2, arg3, etc. i.e. the following execute will test three sites.
$ cve-2017-10271-poc http://www.test.com http://www.test.org http://www.test.netIf you are willing to help developer, please donate Bitcoin Cash to address BITCOINCASH:QPZNZ089TQKAVWF6XM6SD8KPGM59FF5H6CKV0585EP.
Pull requests are also welcomed.
这是一个CVE-2017-10271漏洞自动测试工具. 经确定可以在CentOS 7和Windows 7 / 10上运行。
本程序是用rust语言实现的。你需要先到 https://www.rust-lang.org/ 安装rust编译环境,然后进入代码目录,执行下列代码可以在target/release/cve-2017-10271-poc得到二进制程序。
$ cargo build --release通过直接执行不带参数的命令,可以查看帮助信息,如下:
$ cve-2017-10271-poc不妨设有这样一个网站http://www.test.com/,这个网站在http://www.test.com/wls-wsat/CoordinatorPortType或者http://www.test.com/wls-wsat/CoordinatorPortType11的地址处存在CVE-2017-10271漏洞。你可以通过执行下面的命令来测试这个网站。
$ cve-2017-10271-poc http://www.test.com如果这个网站存在漏洞,程序会告诉你Vulnerable(有漏洞),否则会告诉你Not Vulnerable(没有漏洞)
如果你需要同时检测多个网站,你可以将不同的网站作为参数进行追加,例如下面的命令可以同时测试3个网站。
$ cve-2017-10271-poc http://www.test.com http://www.test.org http://www.test.net如果你乐意的话,欢迎向开发者捐赠比特币现金,地址是BITCOINCASH:QPZNZ089TQKAVWF6XM6SD8KPGM59FF5H6CKV0585EP。
同时,欢迎提供pull requests