Home

Awesome

wooyun_search

乌云公开漏洞、知识库搜索

index search author

0x00.介绍

bugs   链接: https://pan.baidu.com/s/1n_kkUaZZxcTEa4-v6sGa9Q 密码: sg98 (20180707)
drops  链接: https://pan.baidu.com/s/1r2Y7rfntwnjglX6HtzDk6w 密码: 738f (20180707)

0x01.依赖组件及说明

文件说明:
	app_bugs.py                      bugs的索引,依赖lxml
	app_drops.py                     drops的索引,依赖lxml
	index.html                       搜索的主页
	search.php                       执行搜索的页面
	config.php                       php配置文件
	./bugs                           bugs静态文件的目录
	./drops                          drops静态文件的目录

0x02.索引配置

    conn=MySQLdb.connect(host='localhost',port=3306,user='root',passwd='',db='wooyun',charset='utf8')
    CREATE DATABASE `wooyun` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
    create table bugs(title VARCHAR(500),dates DATETIME, author CHAR(255),type CHAR(255),corp CHAR(255),doc VARCHAR(200) PRIMARY KEY);
    create table drops(title VARCHAR(500),dates DATETIME, author CHAR(255),type CHAR(255),doc VARCHAR(200) PRIMARY KEY);
use wooyun;
show variables like 'character%'; #查看编码
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+

如果编码错误会报错,比如:

Warning: Incorrect string value: '\xE5\xBB\xB6\xE9\x95\xBF...' for column 'title' at row 1
cur.execute("INSERT INTO `drops`(`title`,`dates`,`author`,`type`,`doc`) VALUES(%s,%s,%s,%s,%s)", tmp)

在mysql里查看会发现有一堆???

sudo python ./app_bugs.py
sudo python ./app_drops.py
use wooyun;
select count(*) from bugs;
select count(*) from drops;

0x03.搜索配置

$config['host'] = '127.0.0.1';
$config['port'] = '3306';
$config['user'] = 'root';
$config['passwd'] = '';
$config['database'] = 'wooyun'; 
<link href="//lib.baomitu.com/twitter-bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet" type="text/css">
<script type="text/javascript" src="//lib.baomitu.com/jquery/3.1.0/jquery.min.js"></script>
<script type="text/javascript" src="//lib.baomitu.com/twitter-bootstrap/3.3.7/js/bootstrap.min.js"></script>
getenforce   //查看selinux状态
setenforce 0   //暂时关闭selinux

0x04.问题

0x05.更新日志

0x06.后记

0x07.其他