From 4884d862a228b3173079fcb4c073a3d0a0eda164 Mon Sep 17 00:00:00 2001 From: Scivous <66907785+Scivous@users.noreply.github.com> Date: Fri, 26 Aug 2022 13:14:42 +0800 Subject: [PATCH] Update thinkPHPBatchPoc.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 这个i=5判断有问题,如果i=4存在漏洞时,已经写入了i=i+1,所以当i=5时,就会生成no vulnerable告警,但flag已经变成了true,flag意义已经不存在了,所以应该设置flag为是否有漏洞的判断条件。 --- thinkPHPBatchPoc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/thinkPHPBatchPoc.py b/thinkPHPBatchPoc.py index 66724d0..fd4b2ee 100644 --- a/thinkPHPBatchPoc.py +++ b/thinkPHPBatchPoc.py @@ -60,7 +60,7 @@ def Scan(url): else: break - if i==5: + if not flag: print("[-] {} is not vulnerable".format(URL)) print() else: