Python请求发布正文

时间:2020-01-02 13:12:13

标签: python request python-requests

我正在尝试使用管理员脚本将sql查询发送到我的wordpress数据库,但是我认为缺少东西的问题需要作为正文或标题发送(如果我错了,请连接我)

请求原始 

POST /REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=select%20*%20from%20wplj_users HTTP/1.1
Host: mywebsite
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=
Content-Type: multipart/form-data; boundary=---------------------------1328964205768204682490124619

Content-Length: 425
Cookie: adminer_sid=00e0c898e031284904f8e51b591c1dee; adminer_key=320bc6e9870ffdf2f54982cb2292de87
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="query"

select * from wplj_users
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="limit"


-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="token"

401937:659783
-----------------------------1328964205768204682490124619--

原始标题 

-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="query"

select * from wplj_users
-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="limit"

-----------------------------1328964205768204682490124619
Content-Disposition: form-data; name="token"

401937:659783
-----------------------------1328964205768204682490124619--

我也使用Burp Suite拦截了请求,以进一步阐明

请求原始

Request raw

请求参数

Request parameters

请求标头

Request parameters

我的实际代码

ses = requests.Session()
                    data = {"server": "localhost",
                           "username": wpuser,
                           "db": wpdb,
                            "sql": "SELECT * from wplj_users"}
                    url="https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=SELECT%20*%20from%20wplj_users"
                    request = ses.post(url,data=data )

无限制,查询,令牌(内容处置)的请求未返回所需的响应,我该如何传递它们?

1 个答案:

答案 0 :(得分:1)

似乎您必须以files=的形式发送

为了进行测试,我使用了https://httpbin.org,它会将您在请求中获得的所有信息发回去,以便我可以显示并与预期数据进行比较

在我使用(None, "SELECT * from wplj_users")的文件中,因此此None将删除filename="query" 

import requests

params = {
    'server': 'localhost',
    'username': 'adepfran_wp975',
    'db': 'adepfran_wp975',
    'sql': 'SELECT * from wplj_users',
   }

data = {
    "query": (None, "SELECT * from wplj_users"),
    "limit": (None, ""),
    "token": (None, "401937:659783"),
}

headers = {
    'User-Agent': 'Mozilla/5.0',
    #'Referer': 'https://mywebsite/REV/adminer-4.7.5-en.php?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql='

    # requests.Session() should care of cookies so this header shouldn't be needed
    #'Cookie': 'adminer_sid=00e0c898e031284904f8e51b591c1dee; adminer_key=320bc6e9870ffdf2f54982cb2292de87'
}

url = "https://httpbin.org/post"
#url = "https://mywebsite/REV/adminer-4.7.5-en.php"

s = requests.Session()
#r = s.get(url) # to get fresh cookies
r = s.post(url, params=params, headers=headers, files=data)

print('\n=== url ===\n')
print(r.request.url)

print('\n=== headers ===\n')
for key, val in r.request.headers.items():
    print('{}: {}'.format(key, val))

print('\n=== body ===\n')
print(r.request.body.decode())

结果

=== url ===

https://httpbin.org/post?server=localhost&username=adepfran_wp975&db=adepfran_wp975&sql=SELECT+%2A+from+wplj_users

=== headers ===

User-Agent: Mozilla/5.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 331
Content-Type: multipart/form-data; boundary=79f18e4306b943ea92a49bae21b51b9c

=== body ===

--79f18e4306b943ea92a49bae21b51b9c
Content-Disposition: form-data; name="query"

SELECT * from wplj_users
--79f18e4306b943ea92a49bae21b51b9c
Content-Disposition: form-data; name="limit"


--79f18e4306b943ea92a49bae21b51b9c
Content-Disposition: form-data; name="token"

401937:659783
--79f18e4306b943ea92a49bae21b51b9c--
相关问题
最新问题