SQLMAP之漏洞服务器
准备工具
1、kali 系统IP 10.10.10.131
2、受害网站
3、使用工具sqlmap
步骤:
1、登录受害网站
网址设置为
出现Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in E:\WWW\techdetail.php on line 8 (这里就是mysql数据库,找到sql注入点)
2、使用sqlmap工具模块进行扫描
root@kali:~# sqlmap -u 
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151130}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
3、判断是否为数据库管理员用户
root@kali:~# sqlmap -u
4、使用 --table参数查看
root@kali:~# sqlmap -u
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151130}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
1654
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
