利用sqlmap进行POST注入,常见的有三种方法:
注入方式一:
1.用Burp抓包,然后保存抓取到的内容。例如:保存为post.txt,然后把它放至某个目录下
2.列数据库:
sqlmap.py -r "c:\Users\fendo\Desktop\post.txt" -p n --dbs
注:-r表示加载一个文件,-p指定参数
其中出现了三次提示:
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
它看起来像后端DBMS是'mysql'。 是否要跳过特定于其他DBMS的测试负载? [Y/n] 输入"Y"
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]