If sqlmap is not yet installed, see: https://blog.csdn.net/weixin_45254208/article/details/104697014
1. Connecting sqlmap directly to a database
- Server-based databases: MySQL, Oracle
python sqlmap.py -d "mysql://用户名:密码@地址:端口/数据库名" -f --banner --dbs --users
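The placeholders in the connection string are, in order: username, password, address, port and database name.
-f Perform an extensive DBMS version fingerprint
--dbs Enumerate the DBMS databases
--users Enumerate the DBMS users
-b, --banner Retrieve the DBMS banner
For more sqlmap commands, see https://www.cnblogs.com/insane-Mr-Li/p/11272188.html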
- File-based databases: SQLite
Omitted ......
2. Specifying the sqlmap target URL
Use the -u, --url option:
python sqlmap.py -u "http://127.0.0.1/sqli-labs-master/Less-1/?id=1" --banner
3. Having sqlmap read targets from different file types for SQL injection testing
- Read multiple targets from a multi-line text file and probe each one; the option is -m
First create a target.txt file on the desktop containing multiple URLs; I have written only two here.
The targets can then be probed (the quoted placeholder in the command is the path to that file):
python sqlmap.py -m "文件路径" --banner
Press Enter to accept the default choice, Y.
When the first URL has been probed, press Enter to continue with the second URL.
- Read an HTTP request stored in a file; the option is -r
First open http://127.0.0.1/sqli-labs-master/Less-1/, press F12 and go to the Network tab, then refresh and click the Less-1/ entry.
Scroll down to find Request Headers, and then click view source.
Copy the request information shown there and store it in target.txt (just a text file for testing; the file name is arbitrary).
Then simply change the option on the command line to -r:
python sqlmap.py -r "文件路径" --banner
The result is an error with the message: does not contain a usable HTTP request. After checking, I found that the target URL had no parameters; without any interaction with the database, sqlmap will not probe it.
Then add the parameter, repeat the previous steps, and save the view source content to target.txt.
Enter the command again and the probe succeeds.
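A pre-flight check for the request file used with -r, as an added example that is not part of the original post and is not sqlmap's own parsing: it reports a file that lacks an HTTP request line or, as in the failure described above, carries no parameter. The function name and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}

def check_request_file(text):
    """Return a list of problems in a raw HTTP request saved for -r."""
    problems = []
    # Headers and body are separated by the first blank line.
    head, _, body = text.replace("\r\n", "\n").strip().partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        return ["first line is not an HTTP request line (METHOD path HTTP/x.y)"]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            problems.append(f"malformed header line: {line!r}")
            continue
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        problems.append("no Host header, so the target address is unknown")
    # Assumption: a non-empty body counts as carrying parameters.
    query = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)
    if not query and not body.strip():
        problems.append("no parameters in the query string or body")
    return problems

# Constructed samples in the shape the browser's "view source" shows.
WITHOUT_PARAM = (
    "GET /sqli-labs-master/Less-1/ HTTP/1.1\n"
    "Host: 127.0.0.1\n"
    "User-Agent: Mozilla/5.0\n"
)
WITH_PARAM = WITHOUT_PARAM.replace("Less-1/ ", "Less-1/?id=1 ")

if __name__ == "__main__":
    for label, sample in (("without id", WITHOUT_PARAM), ("with id", WITH_PARAM)):
        print(label, "->", check_request_file(sample) or "looks usable")
```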
- Read the target from the configuration file sqlmap.conf; the option is -c
If you have read my installation tutorial, you know my sqlmap files are placed under python2 (a digression). I have heard that sqlmap no longer depends on python2 and that python3 works too, but I have not looked into it.
Running the following command directly will produce an error:
python sqlmap.py -c sqlmap.conf
You need to open the file, modify the parameters, and save it.
Try again after the modification.
OK.