Transfer injection of SQL and python flash

nineteens 2021-04-07 16:10:01
We're doing the routine SQL At the time of Injection , There are several situations

1、 Often because of the construction of network request trouble

2、 Write tamper It's too much trouble

At this time, our transfer injection will come , There's a Web Questions need to be constructed frequently gopher To achieve POST perhaps GET request , At this time, if we want to achieve more freedom SQL Inject , You can use

from flask import Flask,request

from urllib.parse import quote

import requests

def urlencode(s):


for c in s:


if len(fuck)==1:



return res

fuckhtml='''POST /admin.php HTTP/1.1


Connection: close

Content-Type: application/x-www-form-urlencoded

Content-Length: {length} Beihai house purchase website


tmpPayload= fuckhtml.split("\r\n")[-1]

tmplength = len(tmpPayload) - len('{username}')


app = Flask(__name__)


def hello_world():





return page

if __name__ == '__main__':

Of course we can get rid of proxies Parameters , It's added here for the sake of peace burpsuite Achieve linkage


