Scanning-dirb
- CGI is a common standard for web applications to interact with command-line executables;hence,CGI scripts were the most vulnerable to shellshock attack.
- Exploitation:use*apache_mod_cgi_bash_env_exec*.
SQL injection
- The semicolon(;)metacharacter in a SQL statement is used sililar to how it’s used in command injection to combine multiple queries on the same line.
- One of the most useful SQL statements is the UNION,which combines the results of two statements into one set.can also query data from other tables on the database.The only constraint of using the UNION statement is that the number of columns and the data type in the both the queries should be same:
SELECT id,rackname,value FROM inventory WHERE id=10 UNION SELECT SSN,name,address FROM employees - **If the table that you want to query does not have the same number of columns,have to us
本文详细介绍了使用Kali Linux进行Web渗透的过程,重点讨论了SQL注入的利用方法。从CGI漏洞到盲注检测,再到自动化工具如sqlmap的使用,阐述了如何发现和利用SQL注入漏洞。同时提到了Apache服务器和MySQL数据库的关联,并介绍了Blind SQL注入的检测技巧,以及Burp Suite、sqlmap、BBQSQL、Sqlsus和Sqlninja等工具在渗透测试中的应用。
最低0.47元/天 解锁文章
5034
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
