10.5. SQLMap usage
Installation: `git clone https://github.com/sqlmapproject/sqlmap.git sqlmap`
10.5.1. Common parameters

- `-u`, `--url`: specify the target URL
- `-m`: load multiple scan targets from a text file
- `-r`: load an HTTP request from a file
- `--data`: submit data via POST
- `--random-agent`: use a random User-Agent
- `--user-agent`: use the specified User-Agent
- `--delay`: set the delay between requests
- `--timeout`: set the request timeout
- `--dbms`: specify the DBMS; databases supported by sqlmap include MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, etc.
- `--os`: specify the database server operating system
- `--tamper`: specify the tamper script(s) to apply
- `--level`: specify the detection level
- `--risk`: specify the risk level
- `--technique`: injection techniques to use
  - B: Boolean-based blind SQL injection
  - E: Error-based SQL injection
  - U: UNION query SQL injection
  - S: Stacked queries SQL injection
  - T: Time-based blind SQL injection
10.5.2. Tamper Quick Look

| Script name | Effect |
|---|---|
| apostrophemask.py | Replaces the apostrophe (') with its UTF-8 full-width equivalent |
| equaltolike.py | Replaces the equal sign (=) with LIKE |
| space2dash.py | Replaces spaces with a dash comment ('--') followed by a random string and a new line ('\n') |
| greatest.py | Replaces the greater-than sign (>) with GREATEST |
| space2hash.py | Replaces spaces with a pound sign (#) followed by a random string and a new line |
| apostrophenullencode.py | Replaces the apostrophe with its illegal double-unicode counterpart (%00%27) |
| halfversionedmorekeywords.py | For MySQL, adds a versioned comment before each keyword |
| space2morehash.py | Replaces spaces with a pound sign (#) followed by a random string and a new line, around more tokens than space2hash.py |
| appendnullbyte.py | Appends an encoded NULL byte (%00) to the end of the payload |
| ifnull2ifisnull.py | Replaces IFNULL(A, B) with IF(ISNULL(A), B, A) |
| space2mssqlblank.py | Replaces spaces with a random blank character from a set that MSSQL accepts |
| base64encode.py | Base64-encodes the whole payload |
| space2mssqlhash.py | Replaces spaces with a pound sign (#) followed by a new line (MSSQL) |
| modsecurityversioned.py | Encloses the complete query in a versioned comment |
| space2mysqlblank.py | Replaces spaces with a random blank character from a set that MySQL accepts |
| between.py | Replaces the greater-than sign (>) with NOT BETWEEN 0 AND #, and the equal sign (=) with BETWEEN # AND # |
| space2mysqldash.py | Replaces spaces with a dash comment ('--') followed by a new line ('\n') (MySQL) |
| multiplespaces.py | Adds multiple spaces around SQL keywords |
| space2plus.py | Replaces spaces with + |
| bluecoat.py | Replaces the space after SQL statements with a valid random blank character, then replaces = with LIKE |
| nonrecursivereplacement.py | Replaces predefined SQL keywords with representations that survive non-recursive replacement filters (for example .replace("SELECT", "")) |
| space2randomblank.py | Replaces spaces with a random blank character from a valid set of alternate characters |
| sp_password.py | Appends sp_password to the end of the payload so the DBMS obfuscates it in its logs (MSSQL) |
| chardoubleencode.py | Double URL-encodes all characters (already encoded ones are not processed) |
| unionalltounion.py | Replaces UNION ALL SELECT with UNION SELECT |
| charencode.py | URL-encodes all characters |
| randomcase.py | Randomizes the case of each keyword character |
| unmagicquotes.py | Replaces the quote with a multi-byte (wide-character) sequence to bypass GPC / addslashes |
| randomcomments.py | Splits SQL keywords with /**/ comments |
| charunicodeencode.py | Unicode-URL-encodes the characters of the payload (%u0022) |
| securesphere.py | Appends a specially crafted string |
| versionedmorekeywords.py | Encloses each keyword in a versioned MySQL comment |
| space2comment.py | Replaces the space character (' ') with the comment /**/ |
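From the defender's side, the table above is a checklist of transformations a WAF rule or log-review script has to undo before a plain signature will match. The following normalizer is an added example written for this page (it is not sqlmap code); the sample parameter strings are constructed, and the signature list is a deliberately small placeholder.

```python
import re
from urllib.parse import unquote

# Constructed query strings, as they might appear in an access log after some
# of the tamper scripts above were applied (sample data, not real traffic).
SAMPLE_PARAMS = [
    "id=1",                                                           # benign
    "id=1%27%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A%2A%2F1%2C2",  # charencode + space2comment + randomcase
    "id=1'+UNION+ALL+SELECT+1,2--",                                   # space2plus + UNION ALL
    "id=%2531%2527%2520%2555NION%2520%2553ELECT%25201",              # chardoubleencode
    "id=1%27%20%23abc%0AUNION%20SELECT%201",                          # space2hash
]

def normalize(value: str) -> str:
    """Undo the tamper-table transformations so a signature sees plain SQL.
    URL decoding is repeated until stable because chardoubleencode.py
    encodes twice; %uXXXX (charunicodeencode.py) is folded into %XX first."""
    prev = None
    while prev != value:                                    # charencode / chardoubleencode / charunicodeencode
        prev = value
        value = unquote(value.replace("%u00", "%"))
    value = value.replace("+", " ")                         # space2plus
    value = re.sub(r"/\*.*?\*/", " ", value)                # space2comment / randomcomments
    value = re.sub(r"(?:#|--)[^\n]*\n", " ", value)         # space2hash / space2dash / space2mysqldash
    value = re.sub(r"\s+", " ", value)                      # multiplespaces / space2*blank
    value = re.sub(r"UNION\s+ALL\s+SELECT", "UNION SELECT", value, flags=re.I)  # unionalltounion
    return value.lower()                                    # randomcase

# Placeholder signatures; a real deployment would use a maintained rule set.
SIGNATURES = [re.compile(p) for p in (r"\bunion\s+select\b",
                                       r"\bselect\b.+\bfrom\b",
                                       r"'\s*(or|and)\s+")]

def is_suspicious(param: str) -> bool:
    """True when any signature matches the normalized parameter."""
    return any(sig.search(normalize(param)) for sig in SIGNATURES)

if __name__ == "__main__":
    for p in SAMPLE_PARAMS:
        print(is_suspicious(p), repr(normalize(p)))
```

Without the normalization step, only the third sample would match the first signature; with it, all four tampered samples reduce to the same `union select` form.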