admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-20 09:50:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/discuz-ml-rce
History
dependabot[bot] b29c864422
Bump urllib3 from 1.25.8 to 1.26.5 in /discuz-ml-rce 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.8 to 1.26.5.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.25.8...1.26.5)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-02 00:00:41 +00:00
..
batch_result/20190715111111
upload discuz-ml-rce
2019-07-25 10:14:52 +08:00
demo
upload discuz-ml-rce
2019-07-25 10:14:52 +08:00
dz-ml-rce.py
upload discuz-ml-rce
2019-07-25 10:14:52 +08:00
LICENSE
upload discuz-ml-rce
2019-07-25 10:14:52 +08:00
README.md
update README.md
2019-07-25 10:17:46 +08:00
requirements.txt
Bump urllib3 from 1.25.8 to 1.26.5 in /discuz-ml-rce
2021-06-02 00:00:41 +00:00
urls.txt
upload discuz-ml-rce
2019-07-25 10:14:52 +08:00

README.md

dz-ml-rce.py discuz ml RCE 漏洞检测工具

概述


漏洞在于cookie的language可控并且没有严格过滤导致可以远程代码执行详情参考

discuz ml RCE漏洞重现及分析


本工具支持单url和批量检测有判断模式只判断有无该漏洞、cmdshell模式返回简单的cmd shell和getshell模式写入一句话木马

需求


python2.7
pip -r requirements.txt

使用时加上漏洞PHP页面如forum.php,portal.php直接写域名可能会重定向导致误报!

快速开始


使用帮助
python dz-ml-rce.py -h


判断模式
python dz-ml-rce.py -u "http://www.xxx.cn/forum.php"


cmdshell模式
python dz-ml-rce.py -u "http://www.xxx.cn/forum.php" --cmdshell


getshell模式
python dz-ml-rce.py -u "http://www.xxx.cn/forum.php" --getshell


批量检测
python dz-ml-rce.py -f urls.txt


批量getshell
python dz-ml-rce.py -f urls.txt --getshell

TODO

有空会做各种优化。

反馈

issus
博客:http://www.lsablog.com/networksec/penetration/discuz-ml-rce-analysis/
gmaillsasguge196@gmail.com
qq2894400469@qq.com