/ecshop-getshell

ecshop rce getshell

Primary LanguagePythonMIT LicenseMIT

ecshop-getshell.py-ecshop rce getshell漏洞检测工具

概述

ecshop 2.x rce getshell漏洞,漏洞文件为user.php,由于$arr[id]和$arr[num]没有过滤导致SQL注入,进而可getshell,详情参考ecshop2.x远程代码执行漏洞重现及分析
本工具支持单url,批量检测该漏洞。

快速开始

python ecshop-getshell.py -h

单url检测:python ecshop-getshell.py -u "http://www.aaa.com/user.php?act=logni"

批量检测:python ecshop-getshell.py -f urls.txt -t 7 -s 6


反馈

issues
gmail:lsasguge196@gmail.com
QQ邮箱:2894400469@qq.com