http://hackinglab.cn/ShowQues.php?type=scripts
小明要参加一个高技能比赛,要求每个人都要能够快速口算四则运算,2秒钟之内就能够得到结果,但是小明就是一个小学生没有经过特殊的培训,那小明能否通过快速口算测验呢?
测试地址: http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php
import requests
proxies = {
# "http": "http://127.0.0.1:8080",
}
u = 'http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php'
s = requests.Session()
r = s.get(url=u,proxies=proxies) # 最基本的GET请求
r.encoding = 'utf-8'
#r = requests.get(url='http://dict.baidu.com/s', params={'wd':'python'}) #带参数的GET请求
print(r.status_code) # 获取返回状态
print(r.url)
html = r.text.encode('utf-8', 'ignore')
print(html)
200
http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
</head>
<body>
<form action="" method="post">
请在2秒内口算结果并提交!<br/>
3412*59495+94*(3412+59495)=<input type="text" name="v"/>
<input type="submit" value="提交"/>
</form>
</body>
</html>
def getbetween(txt,bs,es):
b = txt.find(bs)
e = txt.find(es,b+len(bs))
r= txt[b+len(bs):e]
return r
exp = getbetween(html,'<br/>','=').replace(' ','')
print exp
v= eval(exp)
3412*59495+94*(3412+59495)
data = {'v': v}
#headers = {'content-type': 'application/json',
# 'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0'}
#r = requests.post('https://api.github.com/some/endpoint', data=data, headers=headers)
r = s.post(u, data=data,proxies=proxies)
r.encoding = 'utf-8'
#r = requests.get(url='http://dict.baidu.com/s', params={'wd':'python'}) #带参数的GET请求
print(r.status_code) # 获取返回状态
print(r.url)
html = r.text.encode('utf-8', 'ignore')
print html
200
http://lab1.xseclab.com/xss2_0d557e6d2a4ac08b749b61473a075be1/index.php
<html>
<head>
<meta http-equiv=Content-Type content="text/html;charset=utf-8">
</head>
<body>key is 123iohHKHJ%^&*(jkh </body>
</html>
网友评论