A CMS Exploit Framework.
Requirements
- python2.7
- Works on Linux, Windows
Usage
usage: cmspoc.py [-h]
-t TYPE -s SCRIPT -u URL
optional arguments:
-h, --help show this help message and exit
-t TYPE, --type TYPE e.g.,phpcms
-s SCRIPT, --script SCRIPT
Select script
-u URL, --url URL Input a target url
Examples
python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960
Scripts
TYPE | SCRIPT | DESCRIPTION |
---|---|---|
phpcms | v960_sqlinject_getpasswd | phpcmsv9.6.0 wap模块 sql注入 获取passwd |
icms | v701_sqlinject_getadmin | icmsv7.0.1 admincp.php sql注入 后台任意登陆 |
discuz | v34_delete_arbitary_files | discuz ≤ v3.4 任意文件删除 |
beecms | v40_fileupload_getshell | beecms ≤ V4.0_R_20160525 文件上传漏洞 |
Add Comment