SQL injection: POST injection

Others 2019-11-26 23:21:40 views: null

POST injected Profile

POST injection is a form of injection, I believe we all know that in previous lessons POST \ GET parameter passing two kinds of ways.
POST injection is to be injected using the POST parameter passing, no different in essence and GET type.

POST-risk injection point

Login box, and data query box and other interactive framed
classic POST injection case: 'or 1 = 1 #

How Sqlmap be injected into the type of SQL injection POST

--forms sqlmap to read the page in the form POST parameter passing Parameter name and then pass SQL injection
-r 1.txt sqlmap read packet files SQL injection, injection can play at a number of tests that point * Tell Sqlmap

post injection

在填写表单的时候提交使用post传参
一般是在用户名框或者密码框尝试

sqlmap如何跑post注入
方法一:sqlmap.py -u http://xxxxxx --form
方法二:通过抓包的方式,保存在文件中,在注入点加上 * 号提示sqlmap,同时有些注入点,是需要登录的状态下的权限,而一般的sqlmap是没有权限的,但是通过抓包的方式存在cookie

Guess you like

Origin www.cnblogs.com/yanlzy/p/11938979.html
Recommended
Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?
Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running
Ranking
8个无需编写代码即可使用 Python 内置库的方法
Java collections interview knowledge Lite
Machine learning algorithms foundation - Introduction a (watermelon materials for the book)
(Easy) Ransom Note - LeetCode
[Five days] Qt from entry to actual combat: the second day
Remember once extremely pit father can not download Maven Jar package of issues: IDEA question
The minimum cost Shortest
OSPF study map (the most complete version)
Network Takeaways
GnuPG
Daily
More
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)

Code World

© 2018 codetd.com