时间戳

首页 > 解决方案 > 比较两个url,通过读取python中page的内容,看看是否可以进行路径遍历

python - 比较两个url,通过读取python中page的内容,看看是否可以进行路径遍历

问题描述

我正在尝试使用 python 比较两个 URL。基本上我想测试是否可以执行目录遍历。我正在尝试比较页面的内容,如果它重定向到同一页面,那么它不是易受攻击的,如果它不同,那么它是易受攻击的。我已经尝试了以下代码。输入后,显示错误。

代码:

import urllib
def pywalker():
    target_url= input("Enter url :")
    res = urllib.request.urlopen('http://'+target_url+"../../../etc/password")
    res2 = urllib.request.urlopen('http://'+target_url)
    if res.read() == res2.read():
        print("Same webpage")
    else:
        print("Not same ")
pywalker()

错误:

Traceback (most recent call last):

  File "<ipython-input-63-e0e37c2314c8>", line 11, in <module>
    pywalker()

  File "<ipython-input-63-e0e37c2314c8>", line 4, in pywalker
    res = urllib.request.urlopen('http://'+target_url+"../../../etc/password")

  File "C:\Users\user\Anaconda3\lib\urllib\request.py", line 222, in urlopen
    return opener.open(url, data, timeout)

  File "C:\Users\user\Anaconda3\lib\urllib\request.py", line 525, in open
    response = self._open(req, data)

  File "C:\Users\user\Anaconda3\lib\urllib\request.py", line 543, in _open
    '_open', req)

  File "C:\Users\user\Anaconda3\lib\urllib\request.py", line 503, in _call_chain
    result = func(*args)

  File "C:\Users\user\Anaconda3\lib\urllib\request.py", line 1345, in http_open
    return self.do_open(http.client.HTTPConnection, req)

  File "C:\Users\user\Anaconda3\lib\urllib\request.py", line 1317, in do_open
    encode_chunked=req.has_header('Transfer-encoding'))

  File "C:\Users\user\Anaconda3\lib\http\client.py", line 1229, in request
    self._send_request(method, url, body, headers, encode_chunked)

  File "C:\Users\user\Anaconda3\lib\http\client.py", line 1275, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)

  File "C:\Users\user\Anaconda3\lib\http\client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)

  File "C:\Users\user\Anaconda3\lib\http\client.py", line 1016, in _send_output
    self.send(msg)

  File "C:\Users\user\Anaconda3\lib\http\client.py", line 956, in send
    self.connect()

  File "C:\Users\user\Anaconda3\lib\http\client.py", line 928, in connect
    (self.host,self.port), self.timeout, self.source_address)

  File "C:\Users\user\Anaconda3\lib\socket.py", line 707, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):

  File "C:\Users\user\Anaconda3\lib\socket.py", line 748, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):

UnicodeError: encoding with 'idna' codec failed (UnicodeError: label empty or too long)

标签: pythonsecurity

解决方案

推荐阅读