java web sqlmapapi,Sqlmap的sqlmapapi.py简单使用

于 2021-03-13 22:17:14 发布
阅读量85 收藏
点赞数
文章标签: java web sqlmapapi

There is currently none :). I‘ll just give you a quick intro.

At server side:

$ python sqlmapapi.py -s -H 0.0.0.0

[19:42:00] [INFO] Running REST-JSON API server at ‘0.0.0.0:8775‘..

[19:42:00] [INFO] Admin ID: cfdd0c84a8ebbccf40a97fe6eaaeac9d

[19:42:00] [DEBUG] IPC database: /tmp/sqlmapipc-QUdQ7m

[19:42:00] [DEBUG] REST-JSON API server connected to IPC database

At client side:

$ curl http://127.0.0.1:8775/task/new

{

"taskid": "4be40bb5e98a03c2",

"success": true

}

$ curl -H "Content-Type: application/json" -X POST -d ‘{"url": "http://testphp.vulnweb.com/artists.php?artist=1"}‘ http://127.0.0.1:8775/scan/4be40bb5e98a03c2/start

{

"engineid": 3068,

"success": true

}

$ curl http://127.0.0.1:8775/scan/4be40bb5e98a03c2/data

{

"data": [],

"success": true,

"error": []

}

$ curl http://127.0.0.1:8775/scan/4be40bb5e98a03c2/log

{

"log": [

{

"message": "testing connection to the target URL",

"level": "INFO",

"time": "19:44:23"

},

{

"message": "testing if the target URL is stable. This can take a couple of seconds",

"level": "INFO",

"time": "19:44:24"

},

{

"message": "target URL is stable",

"level": "INFO",

"time": "19:44:25"

},

{

"message": "testing if GET parameter ‘artist‘ is dynamic",

"level": "INFO",

"time": "19:44:25"

},

{

"message": "confirming that GET parameter ‘artist‘ is dynamic",

"level": "INFO",

"time": "19:44:25"

},

{

"message": "GET parameter ‘artist‘ is dynamic",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "heuristic (basic) test shows that GET parameter ‘artist‘ might be injectable (possible DBMS: ‘MySQL‘)",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "testing for SQL injection on GET parameter ‘artist‘",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "testing ‘AND boolean-based blind - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:26"

},

{

"message": "GET parameter ‘artist‘ seems to be ‘AND boolean-based blind - WHERE or HAVING clause‘ injectable ",

"level": "INFO",

"time": "19:44:27"

},

{

"message": "testing ‘MySQL >= 5.0 AND error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:27"

},

{

"message": "testing ‘MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)‘",

"level": "INFO",

"time": "19:44:27"

},

{

"message": "testing ‘MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)‘",

"level": "INFO",

"time": "19:44:28"

},

{

"message": "testing ‘MySQL >= 4.1 AND error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:28"

},

{

"message": "testing ‘MySQL >= 5.0 OR error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:28"

},

{

"message": "testing ‘MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL >= 4.1 OR error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL OR error-based - WHERE or HAVING clause‘",

"level": "INFO",

"time": "19:44:29"

},

{

"message": "testing ‘MySQL >= 5.0 error-based - Parameter replace‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL inline queries‘",

"level": "INFO",

"time": "19:44:30"

},

{

"message": "testing ‘MySQL > 5.0.11 stacked queries‘",

"level": "INFO",

"time": "19:44:31"

},

{

"message": "testing ‘MySQL < 5.0.12 stacked queries (heavy query)‘",

"level": "INFO",

"time": "19:44:31"

},

{

"message": "testing ‘MySQL > 5.0.11 AND time-based blind‘",

"level": "INFO",

"time": "19:44:31"

},

{

"message": "GET parameter ‘artist‘ seems to be ‘MySQL > 5.0.11 AND time-based blind‘ injectable ",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "testing ‘MySQL UNION query (NULL) - 1 to 20 columns‘",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test",

"level": "INFO",

"time": "19:44:42"

},

{

"message": "target URL appears to have 3 columns in query",

"level": "INFO",

"time": "19:44:43"

},

{

"message": "GET parameter ‘artist‘ is ‘MySQL UNION query (NULL) - 1 to 20 columns‘ injectable",

"level": "INFO",

"time": "19:44:44"

},

{

"message": "the back-end DBMS is MySQL",

"level": "INFO",

"time": "19:44:45"

}

],

"success": true

}

程紫颜
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值