
Discuz插件漏洞挖掘检测

September 1, 2016 • Security

Discuz 插件漏洞挖掘

http://www.mottoin.com/87461.html

插件检测

1.在discuz官方爬取插件字典

# -*- coding:utf-8 -*-
import urllib2
import re
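def getsigledate(i):
    """Print the plugin identifiers listed on page *i* of the Discuz add-on index.

    Fetches one page of addon.discuz.com's plugin listing, extracts the
    identifier from every ``?@<identifier>.plugin`` link that carries
    ``class="avt"``, and prints one identifier per line (the article
    collects this output as its plugin dictionary).

    The identifiers come from a public listing, so the name of an
    installed plugin cannot be treated as a secret by a forum operator.

    Args:
        i: 1-based page number of the listing; converted with ``str()``.

    Errors from urllib2 are reported on stdout and otherwise ignored, so a
    failed page simply contributes no identifiers.
    """
    url = 'http://addon.discuz.com/index.php?view=plugins&f_order=create&page=' + str(i)
    user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
    headers = {'User-Agent': user_agent}
    # Raw string with the host dots escaped so "." only matches a literal
    # dot; "+" instead of "*" so an empty identifier is never emitted.
    pattern = re.compile(
        r'<a href="http://addon\.discuz\.com/\?@([0-9a-zA-Z_]+)\.plugin" class="avt">'
    )
    try:
        request = urllib2.Request(url, headers=headers)
        response = urllib2.urlopen(request)
        try:
            content = response.read()
        finally:
            # Release the connection even if read() fails part-way.
            response.close()
        for item in pattern.findall(content):
            # Parenthesised single-argument print is identical on Python 2.
            print(item)
    except urllib2.URLError as e:
        # HTTPError (a URLError subclass) carries .code; URLError carries .reason.
        if hasattr(e, "code"):
            print(e.code)
        if hasattr(e, "reason"):
            print(e.reason)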
if __name__ == '__main__':
    # Walk listing pages 1 through 139 in order; each call prints the
    # identifiers found on that page.
    first_page, last_page = 1, 139
    for page_number in range(first_page, last_page + 1):
        getsigledate(page_number)

dzpluginlist.txt

2.插件扫描检测

# -*- coding:utf-8 -*-
import urllib2
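def checkplugin(i):
    """Probe one plugin identifier on the forum at the module-level ``host``.

    Requests ``<host>/plugin.php?id=<i>`` and looks in the UTF-8 decoded
    body for the Discuz "plugin does not exist or has been closed"
    message. If the message is present the identifier is reported as
    ``__notfind``; otherwise it is reported as ``____find`` and appended to
    the module-level ``list``.

    Reliability: presence is inferred only from the *absence* of that one
    string, so any other response body (an error page served with status
    200, a block page, a login redirect) is also counted as ``____find``.
    Treat the output as candidates to verify, not as an inventory.

    Log footprint: every probe is a GET for ``/plugin.php?id=<identifier>``
    with the same fixed MSIE 5.5 User-Agent, so a run shows up in the
    forum's access log as a run of such requests with many distinct ids.

    Args:
        i: plugin identifier (a string; it is concatenated into the output).

    Relies on the globals ``host`` and ``list`` set by the ``__main__``
    block. Identifiers whose request fails are appended to ``error.txt``.
    """
    url = host + '/plugin.php?id=' + str(i)
    user_agent = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'
    headers = {'User-Agent': user_agent}
    try:
        request = urllib2.Request(url, headers=headers)
        response = urllib2.urlopen(request)
        try:
            content = response.read().decode('utf8')
        finally:
            # Release the connection even if read()/decode() fails.
            response.close()
        # Escaped code points spell the "plugin does not exist or has been
        # closed" message in Chinese.
        if content.find(u"\u63d2\u4ef6\u4e0d\u5b58\u5728\u6216\u5df2\u5173\u95ed") != -1:
            print(i + '__notfind')
        else:
            print(i + '____find')
            list.append(i)
    except (urllib2.URLError, UnicodeDecodeError) as e:
        # UnicodeDecodeError is caught as well: a body that is not valid
        # UTF-8 would otherwise abort the whole run. It also exposes
        # .reason, so the reporting below covers it.
        with open('error.txt', 'a') as error_log:
            error_log.write(str(i) + '\n')
        if hasattr(e, "code"):
            print(e.code)
        if hasattr(e, "reason"):
            print(e.reason)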
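if __name__ == '__main__':
    # Base URL of the forum being checked (value as given in the article).
    host = 'http://bbs.tuniu.com' #
    # Collects identifiers reported as present. The name shadows the
    # builtin but is kept because checkplugin() appends to it by this name.
    list = []
    # Context manager closes the dictionary file; blank lines are skipped
    # so no request is sent with an empty id.
    with open('dzpluginlist_t.txt') as wordlist:
        for line in wordlist:
            plugin_id = line.strip()
            if plugin_id:
                checkplugin(plugin_id)
    # Summary: one URL per identifier that did not return the
    # "plugin does not exist" message.
    for l in list:
        print('[-] '+host+'/plugin.php?id='+l)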

工具

Dzscan(dzscan.org):Discuz 扫描器,完全针对国产 Discuz 论坛开发,可深度挖掘存在的漏洞,并且有一个正在长期维护的漏洞库。
