Purpose :
Learn to use sqlmap and complete a sql injection.
Experimental Tools:
sqlmap, Firefox
lab environment:
A server (windows server 2003)
A client (windows server 2003), Destination Address: https://www.aa.com/wcms/show.php?id=33
Experimental Procedure:
One: Open the URL manually check for the injection point
https://www.aa.com/wcms/show.php?id=33 page correctly
https://www.aa.com/wcms/show.php?id=33 normal error
Indicating the presence injection vulnerability, sqlmap be injected below.
Second, the use sqlmap to determine whether there are loopholes injection (mainly to see whether the return information)