0. Preface
Because of the epidemic I have been busy with other things for a long time; here I share a more complete POC framework and its underlying ideas for everyone to learn from and discuss.
1. The framework code is as follows
#!/usr/bin/env python
#coding:utf-8
import requests


class misiinfo(object):
    def __init__(self, request=None, response=None):
        self.info = {}
        self.info["author"] = "Mr_Python"   #author
        self.info["name"] = ""              #Vulnerability name
        self.info["time"] = "2019-1-18"     #POC writing time
        self.info["content"] = ""           #Vulnerability address


def jiance(payload):
    headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36', }
    response = requests.session()   #Equivalent to saving cookies for the next visit
    response_ = response.get(payload, timeout=3, verify=False, headers=headers)
    return response_


"""Vulnerability verification function"""
def audit(arg):
    payload = arg + 'path'
    try:
        response = jiance(payload)
        print(response.content)
        #response.text is a str; response.content is bytes in Python 3, so the "in" test must use text
        if response.status_code == 200 and "filename:" in response.text:
            warning_info = "Vulnerable: " + payload   #warning_info was left undefined in the original
            if warning_info:
                print(warning_info)
    except Exception as error:
        print(error)


if __name__ == "__main__":
    audit("http://xxx.cn")
2. Way of thinking
About Requests Library:
Requests supports HTTP keep-alive and connection pooling, cookie session persistence, file upload, automatic decoding of response content, and encoding of internationalized URLs and POST data.
General idea:
First, import the requests library we need, then imitate a browser's request headers, define the payload and the request method, wrap the request in exception handling, and return the result.
3. Basic code framework
1. Import the requests library
import requests
- Define a class
class nameinfo(object):
    def __init__(self, request=None, response=None):   #This is the initialization of the class. It is called automatically when an instance is created.
        self.info = {}
        self.info["Author"] = "Mr_Python"
        self.info["Time"] = "2020.01.24"
        self.info["Name"] = "Injection batch test"
        self.info["Number"] = "CNVD"
        self.info["Rce"] = "small-scale cms Injection batch testing tool"
- def defines a function
Use def to start a function definition, followed by the function name, the parameters in parentheses, and then the body that implements the function. If you want the function to return a value, use return inside the body.
First, we define jiance, which sets the headers and performs the request:
def jiance(payload):
    headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36', }
    response = requests.session()   #Equivalent to saving cookies for the next visit
    response_ = response.get(payload, timeout=3, verify=False, headers=headers)
    return response_
Note: response_ = response.get(payload, timeout=3, verify=False, headers=headers) means: fetch the payload URL through the session, give up after 3 seconds, skip SSL certificate verification so certificate problems do not abort the request, and send the headers we set above so the request looks like a browser's.
4. Vulnerability verification function
def audit(arg):
    payload = arg + 'path'
    try:
        response = jiance(payload)
        print(response.content)
payload = arg + 'path'
Sets payload = arg (arg is the URL we pass in below) + 'path'.
The completed request is http://xxx.com/path
try: wraps the request in exception handling.
response = jiance(payload) sends the request and receives the HTTP response.
print(response.content) prints the HTTP response body we read.
        #response.text is a str; response.content is bytes in Python 3, so the "in" test must use text
        if response.status_code == 200 and "filename:" in response.text:
            warning_info = "Vulnerable: " + payload   #warning_info was left undefined in the original
            if warning_info:
                print(warning_info)
    except Exception as error:
        print(error)


if __name__ == "__main__":
    audit("")
Note: when the script is run directly, the main block calls audit(); the URL passed in as arg is joined with the path above to form the payload, and the whole payload is then tested.
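A cleaned-up version of the same skeleton, added here as an example and not code from the original post. It fixes the three problems a reader hits when running the framework on Python 3 (bytes vs. str in the keyword test, the undefined warning_info, and arg + 'path' producing "http://xxx.cnpath" when the base has no trailing slash), and takes any session object with a requests-like .get() so it runs offline against a constructed FakeSession; the names build_payload, is_vulnerable, FakeResponse, FakeSession and the lab URLs are assumptions.

```python
HEADERS = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                         "(KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"}


def build_payload(base_url, path):
    """Join base URL and path with exactly one slash; plain arg + 'path' on a base without a
    trailing slash would produce 'http://xxx.cnpath'."""
    return base_url.rstrip("/") + "/" + path.lstrip("/")


def is_vulnerable(status_code, body, keyword):
    """Status-plus-keyword check. Accepts str or bytes: in Python 3 response.content is bytes,
    so '"filename:" in response.content' raises TypeError, while response.text is str."""
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    return status_code == 200 and keyword in body


def audit(base_url, session, path="path", keyword="filename:", timeout=3, verify=False):
    """One GET through `session` (anything with a requests-like .get()); returns a result dict
    instead of printing. verify=False mirrors the original and skips TLS certificate checks."""
    payload = build_payload(base_url, path)
    try:
        resp = session.get(payload, timeout=timeout, verify=verify, headers=HEADERS)
    except Exception as error:  # timeouts, DNS/connection failures: report, don't crash
        return {"url": payload, "vulnerable": False, "error": str(error)}
    verdict = is_vulnerable(resp.status_code, resp.text, keyword)
    return {"url": payload, "vulnerable": verdict, "error": None}


class FakeResponse:
    """Constructed stand-in for requests.Response so the example runs offline."""
    def __init__(self, status_code, text):
        self.status_code, self.text = status_code, text


class FakeSession:
    """Constructed stand-in for requests.Session: canned response per URL, else an error."""
    def __init__(self, routes):
        self.routes = routes

    def get(self, url, timeout=3, verify=False, headers=None):
        if url not in self.routes:
            raise ConnectionError("constructed: no route for " + url)
        return self.routes[url]


if __name__ == "__main__":
    # With requests installed, call audit("http://xxx.cn", requests.Session()) instead.
    lab = FakeSession({"http://lab.test/path": FakeResponse(200, "ok\nfilename: a.txt")})
    for target in ("http://lab.test", "http://lab.test/", "http://other.test"):
        print(audit(target, lab))
```

Because audit returns a dict rather than printing, the same function can be looped over a target list and its results logged or asserted on.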
5. End
In fact, you can adapt the POC framework to your own needs; the point is just to have the general idea.