如何解决如何使用 Python 脚本检测 SQL 注入漏洞
现在我使用这个代码:
...
def is_vulnerable(response):
"""A simple boolean function that determines whether a page
is SQL Injection vulnerable from its `response`"""
errors = {
"you have an error in your sql syntax;","warning: mysql","unclosed quotation mark after the character string","quoted string not properly terminated",}
for error in errors:
if error in response.content.decode().lower():
return True
return False
def scan_sql_injection(url):
for c in "\"'":
new_url = f"{url}{c}"
print("[!] Trying",new_url)
res = s.get(new_url)
if is_vulnerable(res):
print("[+] SQL Injection vulnerability detected,link:",new_url)
return
forms = get_all_forms(url)
print(f"[+] Detected {len(forms)} forms on {url}.")
...
可在 https://www.thepythoncode.com/article/sql-injection-vulnerability-detector-in-python 处找到。我扫描了一个容易受到 SQL 注入攻击的简单网站,但检测器脚本的输出仅为“在 URL 上检测到 1 个表单”。看起来检测器只测试了 SQL 注入的 URL。
我想我需要编写一个新的 FOR 循环来测试输入字段。有人可以帮我吗?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。