该脚本是实验性的,使用二分法查找进行sql盲注,也支持爆破ascii字符,时间盲注(需要条件为true时时间延迟)。你需要自定义payload,查看examples,爆破点(brute force point)标记为{BFP},操作符(operator)标记为{OPE},增长数字标记为{INC_5}(从5开始增长),堆叠点标记为{STP}。增长数字和堆叠点用途示例:'user{STP}'=(select left(table_name,{INC_5}) from information_schema.tables where table_name like 'user%' limit 1),表示从第5个字符爆破,爆破的字符会堆叠到{STP}进行下一次爆破。
This script is experimental and utilizes binary search for SQL blind injection. It also supports brute-forcing ASCII characters and time-based blind injection (with a delay when the condition is true). You need to customize the payload by referring to the examples provided. The brute force point is marked as {BFP}, the operator as {OPE}, increasing numbers as {INC_5} (starting from 5), and the stacking point as {STP}. Examples of the use of increasing numbers and stacking points: 'user{STP}'=(select left(table_name,{INC_5}) from information_schema.tables where table_name like 'user%' limit 1), indicating brute force starting from the 5th character, and the brute-forced characters will stack at {STP} for the next iteration.