Some tips about sqlmap and sqlmap
There are two methods for POST injection:--dataParameter. The key and value of the post are submitted in the same GET method. Second, use-rParameter: sqlmap reads the POST request packet captured by the user for POST injection detection.
Before viewing payload, I always add a local proxy, and then use burpsuit to check the payload of sqlmap.-vParameters can be implemented. Always think-vOnly control warnings and debug information levels are implemented. Actually used-v 3The injected payload, 4, 5, and 6 are displayed, and the HTTP request, HTTP response header, and page are displayed.
Google search sqlmap can be used to test SQL Injection in google search results. It has powerful functions. Parameters are used.-g. However, I feel that this is rarely used in actual use.
If the request delay is too frequent during the injection process, the request may be intercepted by the firewall.--delayThe parameter takes effect. You can set the latency between two HTTP requests. Some web programs block all requests after multiple incorrect accesses, so that all subsequent tests will fail. Attackers can bypass this policy to use--safe-urlTo access a normal page at intervals.
Some web servers perform url rewrite or the website is pseudo-static and cannot directly provide test parameters.*To replace the parameters to be tested.
Execute system commands when the database supports and the current user has the permission, you can execute system commands and use--os-cmdOr--os-shellSpecifically, when multiple statements can be executed, you will try to use UDF (MySQL, PostgrepSQL) or xp_cmdshell (MSSQL) to execute system commands. If you cannot execute multiple statements, you will still try to create a webshell to execute the statement. In this case, you need the absolute web path. In general, the success rate is low, but individuals also have successful experiences ~
Test level sqlmap usage--levelParameters are used for different comprehensive tests. The default value is 1. Different parameters affect which payload is used. When 2 is used, cookie injection is detected. When 3 is useduseragentDetection.