GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → theLSA → ecshop-getshell

theLSA / ecshop-getshell

Licence: MIT license
ecshop rce getshell

Programming Languages

python
139335 projects - #7 most used programming language

Labels

rceecshopgetshell

Projects that are alternatives of or similar to ecshop-getshell

Penetration testing poc
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Stars: ✭ 3,858 (+13203.45%)
Mutual labels:  rce, getshell
RCE-python-oneliner-payload
Python bind shell single line code for both Unix and Windows, used to find and exploit RCE (ImageMagick, Ghostscript, ...)
Stars: ✭ 23 (-20.69%)
Mutual labels:  rce
log4jpwn
log4j rce test environment and poc
Stars: ✭ 306 (+955.17%)
Mutual labels:  rce
exploits
Some personal exploits/pocs
Stars: ✭ 52 (+79.31%)
Mutual labels:  rce
CVE-2019-7609
RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizer
Stars: ✭ 47 (+62.07%)
Mutual labels:  rce
CVE-2021-41773 CVE-2021-42013
Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE
Stars: ✭ 20 (-31.03%)
Mutual labels:  rce
PrintNightmare-CVE-2021-34527
PrintNightmare - Windows Print Spooler RCE/LPE Vulnerability (CVE-2021-34527, CVE-2021-1675) proof of concept exploits
Stars: ✭ 73 (+151.72%)
Mutual labels:  rce
NodeJS-Red-Team-Cheat-Sheet
NodeJS Red-Team Cheat Sheet
Stars: ✭ 121 (+317.24%)
Mutual labels:  rce
PwnX.py
🏴‍☠️ Pwn misconfigured sites running ShareX custom image uploader API through chained exploit
Stars: ✭ 30 (+3.45%)
Mutual labels:  rce
spring-boot-upload-file-lead-to-rce-tricks
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
Stars: ✭ 517 (+1682.76%)
Mutual labels:  rce
python-log4rce
An All-In-One Pure Python PoC for CVE-2021-44228
Stars: ✭ 179 (+517.24%)
Mutual labels:  rce
cloudrasp-log4j2
一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.
Stars: ✭ 105 (+262.07%)
Mutual labels:  rce
weeshop
ECShop 微信小程序商城非官方版,基于3.6版本 appserver 接口。
Stars: ✭ 90 (+210.34%)
Mutual labels:  ecshop
PayloadsAll
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 31 (+6.9%)
Mutual labels:  rce
OSCE
Some exploits, which I’ve created during my OSCE preparation.
Stars: ✭ 74 (+155.17%)
Mutual labels:  rce
penelope
Penelope Shell Handler
Stars: ✭ 291 (+903.45%)
Mutual labels:  rce
rce
Distributed, workflow-driven integration environment
Stars: ✭ 42 (+44.83%)
Mutual labels:  rce
exploit-CVE-2015-3306
ProFTPd 1.3.5 - (mod_copy) Remote Command Execution exploit and vulnerable container
Stars: ✭ 97 (+234.48%)
Mutual labels:  rce
CVE-2022-21907-http.sys
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Stars: ✭ 67 (+131.03%)
Mutual labels:  rce
Umbraco-RCE
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Stars: ✭ 61 (+110.34%)
Mutual labels:  rce
View All Similar Projects ➔

ecshop-getshell.py-ecshop rce getshell漏洞检测工具

概述

ecshop 2.x rce getshell漏洞,漏洞文件为user.php,由于$arr[id]和$arr[num]没有过滤导致SQL注入,进而可getshell,详情参考ecshop2.x远程代码执行漏洞重现及分析
本工具支持单url,批量检测该漏洞。

快速开始

python ecshop-getshell.py -h

单url检测:python ecshop-getshell.py -u "http://www.aaa.com/user.php?act=logni"

批量检测:python ecshop-getshell.py -f urls.txt -t 7 -s 6


反馈

issues
gmail:[email protected]
QQ邮箱:[email protected]

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].