forked from CHYbeta/cmsPoc

A CMS penetration testing framework (A CMS Exploit Framework)


aln7/cmsPoc

 
 

cmsPoc


Requirements

  • python2.7
  • Works on Linux, Windows

Usage

usage: cmspoc.py [-h] -t TYPE -s SCRIPT -u URL

optional arguments:
  -h, --help            show this help message and exit
  -t TYPE, --type TYPE  e.g.,phpcms
  -s SCRIPT, --script SCRIPT
                        Select script
  -u URL, --url URL     Input a target url

Parameter description:

  • -t: specifies the CMS type, e.g. -t beecms
  • -s: specifies the PoC script to load, e.g. -s v40_fileupload_getshell
  • -u: specifies the target CMS, e.g. -u http://vuln/index.php

Script

For the full list of scripts, see cmsPoc:Wiki.

There are currently only a few PoCs. Some of them are listed here, and more will be added over time.

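| TYPE | SCRIPT | DESCRIPTION |
|------|--------|-------------|
| phpcms | v960_sqlinject_getpasswd | phpcms v9.6.0 wap module SQL injection, retrieves passwd |
| icms | v701_sqlinject_getadmin | icms v7.0.1 admincp.php SQL injection, arbitrary admin backend login |
| discuz | v34_delete_arbitary_files | discuz ≤ v3.4 arbitrary file deletion |
| beecms | v40_fileupload_getshell | beecms ≤ V4.0_R_20160525 file upload vulnerability |
| semcms | v23_sqlinject_getadmin | semcms ≤ V2.3 SQL injection, arbitrary admin backend login |
| joomla | v370_sqlinject_getuser | Joomla v3.7.0 SQL injection in the com_fields component |
| drupal | v833_yamlseria_getphpinfo | Drupal ≤ v8.3.3 YAML deserialization remote command execution vulnerability |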

Examples

python cmspoc.py -u http://127.0.0.1/beecms/inex.php -t beecms -s v40_fileupload_getshell

Legal Disclaimer

This project is for educational and learning purposes only. Do not use it for illegal purposes or malicious attacks; the author accepts no responsibility for any consequences.

This project is made for educational and ethical testing purposes only. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
