TraverseFilesBySQLInjection
基于sqlmap的利用sql注入漏洞遍历文件是否存在的脚本
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file
usage
需要注意,在盲注时如果开启多线程会导致不稳定
It should be noted that if multi-threading is enabled during blind injection, it will cause instability
usage: test2.py [-h] [-u URL | -r HEADERS_DATA] [-w FILE] [-t THREADS]
By zongdeiqianxing; Email: [email protected]
optional arguments:
-h, --help show this help message and exit
-u URL
-r HEADERS_DATA HTTP request header
-w FILE wordlist containing file path
-t THREADS threads count
show
$ python3 TraverseFilesBySQLInjection.py -r 1.txt -w linux.txt
2021-10-23 23:01:51,211 - __main__ - INFO - The program has been started, if found readable files, it will be displayed, please wait..
2021-10-23 23:02:21,234 - __main__ - INFO - /etc/hosts file exists
2021-10-23 23:02:41,058 - __main__ - INFO - /etc/hostname file exists
2021-10-23 23:03:00,863 - __main__ - INFO - /etc/passwd file exists
105 Dec 05, 2022
17 Aug 23, 2021
3 Oct 05, 2022
116 Jan 08, 2023
15 Nov 26, 2022
4 Aug 08, 2022
6 Oct 10, 2022
12 Sep 28, 2022
1 Dec 16, 2021
462 Jan 02, 2023
8.1k Dec 31, 2022
1.4k Dec 31, 2022
1.1k Aug 24, 2021
40 Dec 29, 2022
1 Dec 13, 2021
1 Nov 23, 2021
81 Dec 07, 2022
92 Dec 29, 2022
6 Jun 05, 2022
93 Jan 05, 2023