- python2.7
- Works on Linux, Windows
usage: cmspoc.py [-h]
-t TYPE -s SCRIPT -u URL
optional arguments:
-h, --help show this help message and exit
-t TYPE, --type TYPE e.g.,phpcms
-s SCRIPT, --script SCRIPT
Select script
-u URL, --url URL Input a target url
参数说明:
- -t:指定cms的类型
- -s:指定要载入的POC脚本
- -u:指定目标cms
python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960
| TYPE | SCRIPT | DESCRIPTION |
|---|---|---|
| phpcms | v960_sqlinject_getpasswd | phpcmsv9.6.0 wap模块 sql注入 获取passwd |
| icms | v701_sqlinject_getadmin | icmsv7.0.1 admincp.php sql注入 后台任意登陆 |
| discuzx | v34_delete_arbitary_files | discuzx! ≤ v3.4 任意文件删除 |
本项目仅供教育和学习交流使用,请勿用于非法用途恶意攻击,否则后果作者概不负责。
This project is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.