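def list_all_file(path):
    """Recursively collect every file path below *path*.

    Directories are descended depth-first in ``os.listdir`` order. Each
    returned entry is built with ``os.path.join`` from *path*, so entries
    are relative when *path* is relative and absolute otherwise.

    Args:
        path: directory to walk.

    Returns:
        list of file paths (directory entries themselves are not included).

    Raises:
        OSError (FileNotFoundError, PermissionError, ...) propagated from
        ``os.listdir`` when *path* or a subdirectory cannot be read.

    NOTE: ``os.path.isdir`` follows symlinks, so a symlink cycle inside the
    tree makes this recurse without bound; run it on a trusted checkout.
    """
    result = []
    for name in os.listdir(path):
        entry = os.path.join(path, name)
        # Test the joined path, not the bare name: the original called
        # os.path.isdir(name), which resolves against the current working
        # directory, so for any path other than "." every subdirectory was
        # appended as if it were a file and never descended into.
        if os.path.isdir(entry):
            result.extend(list_all_file(entry))
        else:
            result.append(entry)
    return result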
然后正式开始,列出路径,过滤只留下php文件
# Walk the current directory and keep only the *.php paths for auditing.
a = list_all_file(path=r'.')
b = list(filter(lambda p: p.endswith('.php'), a))
print(b)
效果图:
然后开始分类漏洞,新建info.py、sqlinject.py,用import导入:
import sqlinject import info
为了让回显带路径+文件,继续定义函数,sqlinject文件:
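def list_all_file(path):
    """Recursively collect every file path below *path*.

    Directories are descended depth-first in ``os.listdir`` order. Each
    returned entry is built with ``os.path.join`` from *path*, so entries
    are relative when *path* is relative and absolute otherwise.

    Args:
        path: directory to walk.

    Returns:
        list of file paths (directory entries themselves are not included).

    Raises:
        OSError (FileNotFoundError, PermissionError, ...) propagated from
        ``os.listdir`` when *path* or a subdirectory cannot be read.

    NOTE: ``os.path.isdir`` follows symlinks, so a symlink cycle inside the
    tree makes this recurse without bound; run it on a trusted checkout.
    """
    result = []
    for name in os.listdir(path):
        entry = os.path.join(path, name)
        # Test the joined path, not the bare name: the original called
        # os.path.isdir(name), which resolves against the current working
        # directory, so for any path other than "." every subdirectory was
        # appended as if it were a file and never descended into.
        if os.path.isdir(entry):
            result.extend(list_all_file(entry))
        else:
            result.append(entry)
    return result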
然后开始内容:逐个打开 php 文件,读取全文后用正则匹配。注意这只是文本层面的特征匹配,不做污点分析——已经过滤或参数化的 `$_GET['id']` 同样会被报出来,而且只认 `id` 这一个参数名,所以结果只能作为人工复核的线索,不能当作漏洞结论。
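# Patterns are hoisted out of the per-file loop and compiled once.
#
# Fix: the original patterns were written as \$GET_\['id'\] and
# \$POST_\['id'\]. Those match the literal text "$GET_['id']", which is not
# a PHP superglobal, so the first two checks could never fire on real code.
# The superglobals are $_GET / $_POST.
#
# NOTE: this is a plain textual grep, not taint analysis. Every hit is a
# lead for manual review: sanitized/parameterized uses are flagged just the
# same, only the parameter name "id" is known, and the last pattern (\$+id)
# matches any variable starting with "id" ($idx, $identity, ...).
_SQL_CHECKS = (
    ('疑似存在SQL注入漏洞!', re.compile(r"\$_GET\['id'\]", re.I)),
    ('疑似存在POST注入漏洞!', re.compile(r"\$_POST\['id'\]", re.I)),
    ('疑似存在SQL注入漏洞!', re.compile(r"echo\s.+\$+\S.+\"", re.I)),
    ('疑似存在SQL注入漏洞!', re.compile(r"\$+id", re.I)),
)

a = list_all_file(path=r'.')                # every path under the cwd
b = [i for i in a if i.endswith('.php')]    # keep only PHP sources
for c in b:
    # Explicit codec + errors='replace': the original open(c) used the
    # locale encoding and raised UnicodeDecodeError on a non-UTF-8 file,
    # leaking the handle on the way out. PHP tokens are ASCII, so replaced
    # bytes cannot hide a match. `with` closes the file on every path.
    with open(c, encoding='utf-8', errors='replace') as f:
        o = f.read()
    for label, pattern in _SQL_CHECKS:
        m = pattern.search(o)  # first occurrence only, as in the original
        if m:
            # The original label said "第行:" (line:) but printed only the
            # matched text; report the real 1-based line number as well.
            line_no = o.count('\n', 0, m.start()) + 1
            print(label + '请查看文件:' + c, '第%d行:%s' % (line_no, m.group(0)))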
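def list_all_file(path):
    """Recursively collect every file path below *path*.

    Directories are descended depth-first in ``os.listdir`` order. Each
    returned entry is built with ``os.path.join`` from *path*, so entries
    are relative when *path* is relative and absolute otherwise.

    Args:
        path: directory to walk.

    Returns:
        list of file paths (directory entries themselves are not included).

    Raises:
        OSError (FileNotFoundError, PermissionError, ...) propagated from
        ``os.listdir`` when *path* or a subdirectory cannot be read.

    NOTE: ``os.path.isdir`` follows symlinks, so a symlink cycle inside the
    tree makes this recurse without bound; run it on a trusted checkout.
    """
    result = []
    for name in os.listdir(path):
        entry = os.path.join(path, name)
        # Test the joined path, not the bare name: the original called
        # os.path.isdir(name), which resolves against the current working
        # directory, so for any path other than "." every subdirectory was
        # appended as if it were a file and never descended into.
        if os.path.isdir(entry):
            result.extend(list_all_file(entry))
        else:
            result.append(entry)
    return result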
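# Compiled once instead of on every file.
# NOTE: a textual hit on "phpinfo()" is only a lead — it also matches calls
# inside comments or dead code, and says nothing about whether the script
# is reachable from the web root. Confirm before reporting it as exposure.
_PHPINFO = re.compile(r"phpinfo\(\)", re.I)

a = list_all_file(path=r'.')                # every path under the cwd
b = [i for i in a if i.endswith('.php')]    # keep only PHP sources
for i in b:
    # Explicit codec + errors='replace': the original open(i) used the
    # locale encoding and raised UnicodeDecodeError on a non-UTF-8 file,
    # leaking the handle on the way out. The token is ASCII, so replaced
    # bytes cannot hide a match. `with` closes the file on every path.
    with open(i, encoding='utf-8', errors='replace') as f:
        u = f.read()
    auditinfo = _PHPINFO.search(u)  # first occurrence only, as before
    if auditinfo:
        # The original label said "第行:" (line:) but printed only the
        # matched text; report the real 1-based line number as well.
        line_no = u.count('\n', 0, auditinfo.start()) + 1
        print('存在phpinfo信息泄露漏洞!文件:' + i, '第%d行:%s' % (line_no, auditinfo.group(0)))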
Disclaimer: This article is for study and communication. It is strictly forbidden to use it for illegal operations. All consequences shall be borne by yourself. Reading this article means that you have agreed to this statement.