-1
我試圖在一個字典的鑰匙替換一個SQL查詢字符串的字符OR NOT "[low_level_rand_num]"="[rand_num]":在一個字符串替換項目在字典匹配的密鑰是
replacements = {
'"[low_level_rand_num]"': str(random.randint(1, 13)),
'"[rand_num]"': str(random.randint(13, 26)),
'"[comment]"': random.choice(["--", "/*", "#", "*/", "'", '"', "`", "-"]),
'"[rand_string]"': "asdf",
'"[query]"': "test_col",
'"[big_int_1]"': str(random.randint(10000000000, 99999999999)),
'"[big_int_2]"': str(random.randint(10000000000, 99999999999)),
'"[encoding]"': random.choice(["utf8", "utf16", "utf32", "ascii"]),
'"[sleeper]"': str(random.randint(3, 9))
}
使用string.replace()功能,像這樣:
def build_payloads(template):
replacements = {
'"[low_level_rand_num]"': str(random.randint(1, 13)),
'"[rand_num]"': str(random.randint(13, 26)),
'"[comment]"': random.choice(["--", "/*", "#", "*/", "'", '"', "`", "-"]),
'"[rand_string]"': rand_string_gen(),
'"[query]"': random_column(),
'"[big_int_1]"': str(random.randint(10000000000, 99999999999)),
'"[big_int_2]"': str(random.randint(10000000000, 99999999999)),
'"[encoding]"': random.choice(["utf8", "utf16", "utf32", "ascii"]),
'"[sleeper]"': str(random.randint(3, 9))
}
for k in replacements.keys():
if k in template:
print template.replace(k, replacements[k])
然而,每次我運行這個功能,我得到的輸出:
OR NOT 7="[rand_num]"
OR NOT "[low_level_rand_num]"=21
看來,它取代了字符串,但它並沒有讓它們被替換,我在做什麼錯誤的地方,字符串不會被替換,我該如何解決這個問題,並得到我的預期輸出OR NOT 7=21?
[''str.replace''](https://docs.python.org/3.5/library/stdtypes.html#str.replace) - >''返回字符串的副本與所有子字符串old的替換被new替換。「您將需要用str.replace的結果替換字符串 –