url = "http://www.example.com?type=a&type1=b&type2=c"
urllist = get_urllist(url)
trigger = ["'or '1'='1'"," 'OR '1'='2'","'OR a=a"]
def get_urllist(url):
url_parsed = urlparse.urlparse(url)
#extract the query parameters of the URL
query = urlparse.parse_qs(url_parsed.query)
#get the list of query
query_list = query_list(query)
#Get Base url
url = urlparse._replace(query=None).geturl()
#modify url to get url_list
for query in query_list :
# change the original query to get the expected result
return url_list
def query_list(query):
for t in trigger:
for key, value in query.items():
query[key] += t
query_list.append(query)
return query_list
如何通过更改查询参数值来返回URL列表?如何更改python中url查询的值?
原始URL = “http://www.example.com?type=a&type1=b&type2=c”
预期结果:
URL_LIST = [” http://www.example.com?type=a '或 '1'=' 1' & TYPE1 = b'OR '1'= '1' & TYPE2 ='1'','http://www.example.com?type=a'或'1'='2'& type1 = b'OR'1'='2'& type2 = c'OR'1'='2' “,”http://www.example.com?type=a“或a = a & type1 = b'OR a = a & type2 = c''OR a = a”]
是否'OR xxx'对你有意义? – luoluo
同时你的'trigger'正确吗?一个长度为1的列表? – luoluo
'或'1'='1'用于检查SQL注入。我只是试图自动化它。更改了触发器。 –