没有所谓的捷径
一切都是时间最平凡的累积

python批量替换升级fckeditor漏洞文件class_upload.asp

本文最后更新于2019年10月16日,已超过33天没有更新,如果文章内容失效,请反馈给我们,谢谢!
# -*- coding:utf-8 -*-

import os
from queue import Queue
import threading
import time
import shutil
import requests

runthcount = 0
tempfile = r'D:\download\class_upload.asp'  # 更新文件


class CheckFtpThread(threading.Thread):

    def __init__(self, id, ftp_queue, check_queue):
        threading.Thread.__init__(self)
        self.id = id
        self.ftp_queue = ftp_queue
        self.check_queue = check_queue

    def run(self):
        global runthcount
        while not self.ftp_queue.empty():
            dir_list = []
            root_path = self.ftp_queue.get()
            ftp, = root_path
            real_root_path = root_path.get(ftp)
            self.get_file(ftp, real_root_path)
        runthcount = runthcount - 1

    def Getshellcontent(self, x):
        with open(x, 'r', encoding='UTF-8', errors="ignore") as f:
            shellcontent = f.read()
        try:
            return shellcontent
        except Exception as e:
            raise e

    def get_file(self, ftp, real_root_path):
        flag = False
        for dirpath, dirnames, filenames in os.walk(real_root_path):
            for name in filenames:
                fullname = os.path.join(dirpath, name)
                if (r"F_E_Folder\B_J_Q\filemanager\connectors\asp\class_upload.asp" in fullname or r"F_E_Folder\editor\filemanager\connectors\asp\class_upload.asp" in fullname):
                    if r"F_E_Folder\B_J_Q\filemanager\connectors\asp\class_upload.asp.bak" not in fullname and r"F_E_Folder\editor\filemanager\connectors\asp\class_upload.asp.bak" not in fullname:
                        print(fullname)
                        shutil.copy(fullname, fullname + '.bak')
                        filecontent = self.Getshellcontent(tempfile)
                        try:
                            with open(fullname, "w", encoding='utf-8') as f:
                                f.write(filecontent)
                        except Exception as e:
                            print(e)
                        else:
                            flag = True
        if flag:
            self.check_queue.put(ftp)

def main(**args):
    ftp_queue = Queue()
    check_queue = Queue()
    root_path = r'D:\www'
    for ftp in os.listdir(root_path):
        ftp_dir = os.path.join(root_path, ftp)
        if os.path.isdir(ftp_dir):
            ftp_queue.put({ftp: ftp_dir})
    for i in range(1, 6):
        check_t = CheckFtpThread(i, ftp_queue, check_queue)
        check_t.isDaemon()
        check_t.start()
        runthcount = runthcount + 1
    run = True
    userlist = []
    while run:
        if check_queue.empty():
            if runthcount == 0:
                run = False
            time.sleep(1)
        else:
            ftp = check_queue.get()
            userlist.append(ftp)
    return {'size': len(userlist), 'userlist': userlist}


if __name__ == '__main__':

    start = time.time()
    print(main())
    end = time.time()
    print(end - start)

 

赞(0) 打赏
声明:本站发布的内容(图片、视频和文字)以原创、转载和分享网络内容为主,若涉及侵权请及时告知,将会在第一时间删除,联系邮箱:lwarm@qq.com。文章观点不代表本站立场。本站原创内容未经允许不得转载,或转载时需注明出处:红岩子 » python批量替换升级fckeditor漏洞文件class_upload.asp
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

今天所做的努力都是在为明天积蓄力量

联系我们赞助我们