We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The secret of success is constancy to purpose.
SQL
AND
SELECT
or
select
SEL+SELECT+ECT
SEL+ECT
POST
Burpsuite
用户id
自己id
目标id
string.Template(template)
template
substitute(mapping[, **kws])
kws
safe_substitute(mapping[, **kws])
$
{}
from string import Template s = Template('${who} likes $what') s = s.substitute(who='tim', what='kung pao') print s d = dict(who='tim') print Template('$who likes $what').safe_substitute(d)
argparse.ArgumentParser()
formatter_class
descripton
epilog
argparse.RawDescriptionHelpFormatter
argparse.RawTextHelpFormatter
description
add_argument
help
argparse.ArgumentDefualtsHelpFormatter
#!/usr/bin/env python # coding=utf-8 import argparse import sys def parse_args(): parser = argparse.ArgumentParser(prog='IVSpider', formatter_class=argparse.ArgumentDefaultsHelpFormatter, description="*Ingored Vulnerabilities Spider for Wooyun.*", usage="IVSpider.py [options]") parser.add_argument('-s', metavar='StartPage', type=int, default=1, help="The start page of Wooyun") parser.add_argument('-e', metavar='EndPage', type=int, default=2, help="The end page of Wooyun, Not including") parser.add_argument('-t', metavar='Threads', type=int, default=10, help="Num of threads for spider, 10 for default") # 如果cmd接受到的参数只有1,也就是只有脚本名,那么就添加一个 -h/-help 的命令 if len(sys.argv) == 1: sys.argv.append('-h') args = parser.parse_args() return args
py
git
The text was updated successfully, but these errors were encountered:
No branches or pull requests
0x01 Wooyun
SQL注入AND和SELECT被过滤,AND可以用or替换,select被替换成了空,可以用SEL+SELECT+ECT来替代,然后替换了SELECT为空,剩下了SEL+ECT就是SELECTPOST数据,修改包内的参数,越权访问他人的数据,修改密码也可以用抓包用他人的数据来实现修改Burpsuite代理,找用户id,用Burpsuite将自己id替换成目标id,登录后,部分信息、私有内容会出现目标id的,回复的话还是自己id0x02 Wooyun爬虫
string.Template(template)字符串的模板类template就是模板字符串,可以将字符串的格式固定下来,重复利用substitute(mapping[, **kws])执行模板替换,返回一个新字符串,映射是任何类似于字典对象与键匹配的模板中的占位符,或者可以提供关键字参数,重复时,从kws占位符具有更高的优先safe_substitute(mapping[, **kws])可以替换其中的一个数据$接需要替换的模板,可以用{}包裹起来argparse.ArgumentParser()formatter_class自定义帮助信息的格式(descripton和epilog),默认情况下会将长的帮助信息进行自动换行和消除多个连续空白argparse.RawDescriptionHelpFormatter直接输出原始形式,不进行自动换行和消除空白argparse.RawTextHelpFormatter直接输出description和epilog以及add_argument中的help字符串的原始形式,不进行自动换行和消除空白argparse.ArgumentDefualtsHelpFormatter在每个选项的帮助信息后面输出他们对应的缺省值,如果有设置的话,这个最常用0x03 一天总结
py子模块的调用,用于主程序git上面优秀的代码The text was updated successfully, but these errors were encountered: