2017-04-25 23 views
0
url = "http://www.example.com?type=a&type1=b&type2=c" 
urllist = get_urllist(url) 
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"] 

def get_urllist(url): 
    url_parsed = urlparse.urlparse(url) 
    #extract the query parameters of the URL 
    query = urlparse.parse_qs(url_parsed.query) 
    #get the list of query 
    query_list = query_list(query) 
    #Get Base url 
    url = urlparse._replace(query=None).geturl() 
    #modify url to get url_list 
    for query in query_list:
        # change the original query to get the expected result

    return url_list


def query_list(query):
    for t in trigger:
        for key, value in query.items():
            query[key] += t
        query_list.append(query)

    return query_list

How can I return a list of URLs by changing the query parameter values? How do I change the value of a URL query in Python?

Original URL = "http://www.example.com?type=a&type1=b&type2=c"

Expected result:

url_list = ["http://www.example.com?type=a'or '1'='1'&type1=b'OR '1'='1'&type2='1'", "http://www.example.com?type=a'or '1'='2'&type1=b'OR '1'='2'&type2=c'OR '1'='2'", "http://www.example.com?type=a'or a=a&type1=b'OR a=a&type2=c'OR a=a"]

+0

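Does 'OR xxx' make sense to you? – luoluo

+0

Also, is your 'trigger' correct? A list of length 1? – luoluo

+0

'or '1'='1' is used to check for SQL injection. I am just trying to automate it. Changed the trigger. –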

Answers

3

In Python 2.x

You can use the urlparse.urlparse function and the ParseResult._replace method:

import urlparse 
url = "http://www.example.com?type=a&type1=b&type2=c" 
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"] 

parsed = urlparse.urlparse(url) 
querys = parsed.query.split("&") 
result = [] 
for pairs in trigger: 
    new_query = "&".join([ "{}{}".format(query, pairs) for query in querys]) 
    parsed = parsed._replace(query=new_query) 
    result.append(urlparse.urlunparse(parsed)) 

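Note

The urlparse module is renamed to urllib.parse in Python 3. The 2to3 tool will automatically adapt imports when converting your sources to Python 3.

In Python 3.x

You can use the urlparse.urlparse function as well: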

import urllib.parse as urlparse 
url = "http://www.example.com?type=a&type1=b&type2=c" 
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"] 

parsed = urlparse.urlparse(url) 
querys = parsed.query.split("&") 
result = [] 
for pairs in trigger: 
    new_query = "&".join([ "{}{}".format(query, pairs) for query in querys]) 
    parsed = parsed._replace(query=new_query) 
    result.append(urlparse.urlunparse(parsed)) 

DEMO OUTPUT:

["http://www.example.com?type=a'or '1'='1'&type1=b'or '1'='1'&type2=c'or '1'='1'", "http://www.example.com?type=a 'OR '1'='2'&type1=b 'OR '1'='2'&type2=c 'OR '1'='2'", "http://www.example.com?type=a'OR a=a&type1=b'OR a=a&type2=c'OR a=a"] 
+0

Unfortunately, this method is deprecated, at least on Python 3. You will get: ModuleNotFoundError: No module named 'urlparse' – 2017-12-02 15:11:17
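An added example, not part of the original question or answers: it rebuilds the query with parse_qsl and urlencode so the appended values are percent-encoded and repeated or blank parameters survive, then passes a decoded value to a local in-memory SQLite lookup written two ways to show why a parameterized query is unaffected by these check strings. The `items` table, its rows and the function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Values from the question on this page.
URL = "http://www.example.com?type=a&type1=b&type2=c"
TRIGGERS = ["'or '1'='1'", " 'OR '1'='2'", "'OR a=a"]

def build_test_urls(url, triggers):
    """One URL per trigger, with the trigger appended to every parameter value."""
    parts = urlsplit(url)
    # parse_qsl keeps parameter order, repeated keys and (here) blank values.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    urls = []
    for trigger in triggers:
        # urlencode percent-encodes the quotes, spaces and '=' in each value.
        query = urlencode([(key, value + trigger) for key, value in pairs])
        urls.append(urlunsplit(parts._replace(query=query)))
    return urls

def make_db():
    """Constructed sample table standing in for the application's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (type TEXT, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("a", "alpha"), ("b", "beta"), ("c", "gamma")])
    return db

def lookup_concatenated(db, value):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    sql = "SELECT name FROM items WHERE type = '" + value + "'"
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError:
        return "SQL error"  # the value changed the statement's syntax

def lookup_parameterized(db, value):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM items WHERE type = ?"
    return [row[0] for row in db.execute(sql, (value,))]

if __name__ == "__main__":
    db = make_db()
    for test_url in build_test_urls(URL, TRIGGERS):
        # Decode the first parameter the way a server-side framework would.
        value = parse_qsl(urlsplit(test_url).query)[0][1]
        print(test_url)
        print("  concatenated: ", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```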