泛微OA远程代码执行漏洞批量扫描脚本

OnionT@KillBoy 渗透测试评论浏览量:8,569次2阅读模式

声明:##############仅限学习交流和防范漏洞,切勿随意攻击###############

import requests
import re
vulurl = "/weaver/bsh.servlet.BshServlet"
print "===== The ulnerable systems are as follows ====="

url = open('url.txt','r')
for lowb in url:
    lowb = str(lowb.strip())
    try:
        b = str(re.findall("http://.*:\d+",lowb)[0])
        b = b + vulurl
        s = requests.get(b)
        if s.status_code == 200:
            print b
    except:
        pass
    try:
        c = str(re.findall("http://.*.com",lowb)[0])
        c = c + vulurl
        s = requests.get(c)
        if s.status_code == 200:
            print c
    except:
        pass
    try:
        d = str(re.findall("http://.*.cn",lowb)[0])
        d = d + vulurl
        s = requests.get(d)
        if s.status_code == 200:
            print d
    except:
        pass
url.close()

http://www.oniont.cn/index.php/archives/291.html

高性能云服务器2折起
OnionT@KillBoy
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: