一个sql盲注小工具 (Golang版)
时间:2021-07-01 10:21:17
帮助过:3人阅读
=
‘mysql‘;
$host=
‘localhost‘;
$dbName=
‘mysql‘;
$user=
‘root‘;
$pass=
‘root‘;
$dsn=
"$dbms:host=$host;dbname=$dbName";
try {
$pdo =
new PDO($dsn, $user, $pass);
} catch (PDOException $e) {
echo $e;
}
$id = $_GET[
‘id‘]?:
0;
$sql =
"select * from user where max_questions={$id}";
$stmt = $pdo->
query($sql);
if($row=$stmt->
fetch(PDO::FETCH_ASSOC)) {
sleep(sleeptime());
echo ‘1正确‘;
} else {
sleep(sleeptime());
echo ‘0‘;
}
function sleeptime(){
$time = [
‘0.5‘=>
‘‘,
‘1‘=>
‘‘,
‘1.5‘=>
‘‘,
‘2‘=>
‘‘,
‘2.5‘=>
‘‘];
return array_rand($time,
1);
}
View Code
使用的mysql数据库,随机延误0.5-2.5秒。(如果不延迟的话差不多7秒跑完)
测试效果如图:
数据存在丢失,而且有些会超时,主要为了练手。
源码及exe:
链接: https://pan.baidu.com/s/13uYzA9CX8p_bx32pp_vZTw 提取码: a57a
一个sql盲注小工具 (Golang版)
标签:ima roo 多少 延迟 fun mic 定义 规则 是你
