A Python-based PoC framework

0. Introduction

Because of the epidemic I have been busy with other things and have not written for a long time. Here I want to share a fairly complete PoC framework and the principles behind it, for our common study and discussion.

1. The framework code is as follows

#!/usr/bin/env python
#coding:utf-8
import requests
import urllib3

# verify=False below would otherwise print an InsecureRequestWarning on every request
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

class misiinfo(object):
    def __init__(self, request=None, response=None):
        self.info = {}
        self.info["author"] = "Mr_Python"      # author
        self.info["name"] = ""                 # vulnerability name
        self.info["time"] = "2019-1-18"        # time the PoC was written
        self.info["content"] = ""              # address where the vulnerability exists

def jiance(payload):
    headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36'}
    response = requests.session()       # a session keeps cookies for the next request
    response_ = response.get(payload, timeout=3, verify=False, headers=headers)
    return response_

"""Vulnerability verification function"""
def audit(arg):
    payload = arg + 'path'
    warning_info = "[+] vulnerable: " + payload   # message printed when the check matches
    try:
        response = jiance(payload)
        print(response.content)
        # response.text is the decoded body; response.content is bytes and cannot be searched with a str in Python 3
        if response.status_code == 200 and "filename:" in response.text:
            if warning_info:
                print(warning_info)
    except Exception as error:
        print(error)

if __name__ == "__main__":
    audit("http://xxx.cn")

2. Ideas

Requests library description:
Requests supports HTTP keep-alive and connection pooling, cookie-based session persistence, file upload, automatic detection of the response content encoding, and automatic encoding of internationalized URLs and POST data.
Rough idea:
First, we import the requests library, then simulate a browser request, define the payload, wrap the request in exception handling, and return the result.

3. The basic code frame

1. Import the requests library

import requests

2. Define the class

class nameinfo(object):
    def __init__(self, request=None, response=None):  # the class initializer; it is called automatically when the class is instantiated
        self.info = {}
        self.info["Author"] = "Mr_Python"
        self.info["Time"] = "2020.01.24"
        self.info["Name"] = "注入批量检测"
        self.info["Number"] = "CNVD"
        self.info["Rce"] = "小型cms注入批量检测工具"

3. def defines a method

A method definition starts with the keyword def, followed by the function name and, in parentheses, its parameters; the body implements the specific function, and if the function needs to hand a value back, return gives it to the calling code.
First, we define jiance, which contains the headers and the response.

def jiance(payload):
    headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36'}
    response = requests.session()       # a session keeps cookies for the next request
    response_ = response.get(payload, timeout=3, verify=False, headers=headers)
    return response_

Note: response_ = response.get(payload, timeout=3, verify=False, headers=headers) sends a GET request to the payload URL with a 3-second timeout, turns off SSL certificate verification so that certificate errors are ignored, and sends the headers we set above to perform the request.

4. The vulnerability verification function

def audit(arg):
    payload = arg + 'path'
    try:
        response = jiance(payload)
        print(response.content)

payload = arg + 'path'
builds the payload: arg (the URL passed in) with the path appended after it, so the completed request is http://xxx.com/path.
try: and except: are used for exception handling.
response = jiance(payload) sends the request and reads the HTTP response.
print(response.content) prints out the HTTP response body we read.

        # response.text is the decoded body; searching a str inside response.content (bytes) fails in Python 3
        if response.status_code == 200 and "filename:" in response.text:
            warning_info = "[+] vulnerable: " + payload
            if warning_info:
                print(warning_info)
    except Exception as error:
        print(error)

if __name__ == "__main__":
    audit("")
If the script is run as the main program, audit is called; its argument is passed into arg above, which completes the test of the whole payload.
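As an added example (my own code, not the original post's), here is the same skeleton restructured so that building the URL, sending the request and deciding whether the response matches are separate functions; audit returns a result dict instead of printing, and the fetch function can be swapped out so the check logic can be exercised without network access. The names jiance and audit and the rule "HTTP 200 plus filename: in the body" follow the post; build_payload, check_response and the fetch parameter are assumptions the post does not use.

```python
#!/usr/bin/env python3
# Added example, not the post's original code. Keeps the post's names (jiance, audit)
# and its decision rule; build_payload, check_response and the fetch parameter are
# additions so the verification logic can be tested without a live target.
from urllib.parse import urljoin

HEADERS = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                         "(KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"}


def build_payload(base_url, path="path"):
    # Plain concatenation (arg + 'path') turns "http://host" into "http://hostpath";
    # a trailing slash plus urljoin keeps the host intact and appends the path.
    if not base_url.endswith("/"):
        base_url += "/"
    return urljoin(base_url, path)


def check_response(status_code, text, keyword="filename:"):
    # The post's rule as a pure function: status 200 and the keyword in the decoded body.
    return status_code == 200 and keyword in text


def jiance(payload):
    # The network part is isolated here; requests is imported lazily so the
    # rest of the module (and its tests) runs even where requests is not installed.
    import requests
    import urllib3
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)  # verify=False warns otherwise
    session = requests.session()  # keeps cookies for the next request
    return session.get(payload, timeout=3, verify=False, headers=HEADERS)


def audit(arg, fetch=jiance):
    payload = build_payload(arg)
    try:
        response = fetch(payload)
    except OSError as error:  # requests.RequestException derives from IOError, i.e. OSError
        return {"url": payload, "vulnerable": False, "error": str(error)}
    return {"url": payload,
            "vulnerable": check_response(response.status_code, response.text),
            "error": None}


if __name__ == "__main__":
    print(audit("http://xxx.cn"))  # placeholder target taken from the post
```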

5. End

In fact, this PoC framework can be changed according to your own needs; it is only meant to give a general idea.


Origin blog.csdn.net/qq_30036471/article/details/104328587