我正试图发送sql查询到我的wordpress数据库使用管理员脚本,但问题我错过了一些东西需要发送作为正文或标题在我看来(如果我错了,请连接我)
原始请求
POST /REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=select%20*%20from%20wplj_users HTTP/1.1
Host: mywebsite
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=
Content-Type: multipart/form-data; boundary=---------------------------1328964205768204682490124619
Content-Length: 425
Cookie: adminer_sid=00e0c898e031284904f8e51b591c1dee; adminer_key=320bc6e9870ffdf2f54982cb2292de87
Connection: close
Upgrade-Insecure-Requests: 1
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="query"
select * from wplj_users
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="limit"
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="token"
401937:659783
-----------------------------1328964205768204682490124619--
原始标题
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="query"
select * from wplj_users
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="limit"
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="token"
401937:659783
-----------------------------1328964205768204682490124619--
我还截获了使用Burp套件的请求,以进一步澄清
原始请求
请求参数
请求头
我的实际代码
ses = requests.Session()
data = {"server": "localhost",
"username": wpuser,
"db": wpdb,
"sql": "SELECT * from wplj_users"}
url="https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=SELECT%20*%20from%20wplj_users"
request = ses.post(url,data=data )
无限制的请求、查询、令牌(内容处置)不返回想要的响应,如何传递?你知道吗
看来你得以
files=
的形式发送对于测试,我使用了https://httpbin.org,它发回所有请求中得到的内容,这样我就可以显示它并与预期的数据进行比较
我在文件中使用了
(None, "SELECT * from wplj_users")
,所以这个None
将删除filename="query"
结果
相关问题 更多 >
编程相关推荐