Exploitation Tools Web Application Security

cmsPoc – A CMS Exploit Framework

A CMS Exploit Framework.

Requirements

  • python2.7
  • Works on Linux, Windows

Usage

usage: cmspoc.py [-h]
 -t TYPE -s SCRIPT -u URL

optional arguments:
  -h, --help            show this help message and exit
  -t TYPE, --type TYPE  e.g.,phpcms
  -s SCRIPT, --script SCRIPT
                        Select script
  -u URL, --url URL     Input a target url

Examples

python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960

Scripts

TYPESCRIPTDESCRIPTION
phpcmsv960_sqlinject_getpasswdphpcmsv9.6.0 wap模块 sql注入 获取passwd
icmsv701_sqlinject_getadminicmsv7.0.1 admincp.php sql注入 后台任意登陆
discuzv34_delete_arbitary_filesdiscuz ≤ v3.4 任意文件删除
beecmsv40_fileupload_getshellbeecms ≤ V4.0_R_20160525 文件上传漏洞

 

About the author

Icarus

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: