A CMS Exploit Framework - cmsPoc



A CMS Exploit Framework.

Requirements
  • python2.7
  • Works on Linux, Windows

Usage
usage: cmspoc.py [-h]
-t TYPE -s SCRIPT -u URL

optional arguments:
-h, --help show this help message and exit
-t TYPE, --type TYPE e.g.,phpcms
-s SCRIPT, --script SCRIPT
Select script
-u URL, --url URL Input a target url

Examples
python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960


Scripts
TYPESCRIPTDESCRIPTION
phpcmsv960_sqlinject_getpasswdphpcmsv9.6.0 wap模块 sql注入 获取passwd
icmsv701_sqlinject_getadminicmsv7.0.1 admincp.php sql注入 后台任意登陆
discuzv34_delete_arbitary_filesdiscuz ≤ v3.4 任意文件删除
beecmsv40_fileupload_getshellbeecms ≤ V4.0_R_20160525 文件上传漏洞