DVWA Tutorial (IV): SQL injection (POST)

Source: Internet
Author: User
Tags http cookie sql injection

Objective

At first I refused to write about implementing SQL injection via the POST method, but I had promised before.

POST injection is relatively simple, but I still want to summarize more POST injection methods and ideas here.

There is no POST injection in DVWA, but because it belongs to the basic course, I have included the content in the DVWA tutorial.

In general, POST injection comes down to 2+1 methods.

This is exclusive content you will not find elsewhere on the web, and it is full of practical substance.

So why 2+1?

(i) Injection from a request captured with Burp Suite

Idea: capture the POST request with Burp Suite and save it as a post.txt file.

Then run sqlmap directly on that file:

sqlmap -r post.txt

This starts the injection test.

(ii) Automatic form search

sqlmap.py -u URL --forms

Official description: --forms: Parse and test forms on target URL

In effect, the automatic form search uses sqlmap in place of Burp Suite's packet capture function.

Once a POST request is found, you will receive a prompt: do you want to test this form? [Y/n/q]

After pressing Enter (Y), an injection test is run automatically using the selected POST request.

(iii) The real substance: the -p / --data options

The -p option. Official description: -p TESTPARAMETER: Testable parameter(s)

The -p option is the opposite of the --skip option. By default sqlmap tests all GET and POST parameters. When the value of --level is greater than or equal to 2, the value of the HTTP Cookie header is also tested, and when it is greater than or equal to 3, the values of the User-Agent and HTTP Referer headers are tested as well. You can instead set the parameters you want to test manually with -p, for example: -p "id,user-agent". When you use --level with a large value but there are individual parameters you do not want to test, use --skip, for example: --skip="user-agent,referer"

In other words, the -p option works in every case where parameters are specified, and it can name several parameters at once, as in -p "A,B".

Example:

sqlmap -r post.txt -p "A,B"

sqlmap -u URL -p "A,B"

Note that the parameters named here do not need to be assigned a value.

The --data option. Official description: --data=DATA: Data string to be sent through POST

This option submits the data as POST, and sqlmap tests the POST parameters the same way it tests GET parameters.

This means that the option can only be used for POST injection vulnerabilities.

Example:

sqlmap -u URL --data="A=1&B=1"

Note that here each parameter needs to be assigned a value.

So!!! It's almost time for defeating to ....

Ahem, it is obvious that the -p option is more universal and difficult to use than the --data option,

So what is the point of the --data option?

The substance continues ~

In our penetration testing work, the -r option occasionally fails to produce a result.

In that case the --forms option fails as well,

because, as we said before, the two methods work on the same principle and differ only in how the request is obtained.

Let's take a closer look at the parameters in the POST request.

You will find that there are different body types.

First body type:

parameter1=value1&parameter2=value2 .....

This is the common type; the -r / --forms options parse it normally.

Second body type:

    --c7eb38bf-7ea1-4fbc-836a-47ceafdfd30a
    Content-Disposition: form-data; name="Page"
    Content-Length: 1

    1
    --c7eb38bf-7ea1-4fbc-836a-47ceafdfd30a
    Content-Disposition: form-data; name="Search"
    Content-Length: 1

    QQQQQ
    --c7eb38bf-7ea1-4fbc-836a-47ceafdfd30a--

This type requires sqlmap -u URL --data="name=value" to be parsed.

----------

Ahem, as for explaining this at the code level, give me a minute.

Everyone is welcome to discuss it with me ... I took a day to confirm the small details, just to provide you with a bit of real substance here.

Thanks to my friends in the organization: Parrot Security
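The two body types above carry the same fields in different encodings, so anything that inspects POST parameters (a validation layer, a log normaliser) has to parse both. The Python sketch below is an added example, not part of the original post: it classifies a body and flattens it to name=value form. The sample bodies are constructed from the page's example, and treating a leading "--" as the multipart marker is a simplifying assumption.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Constructed samples modelled on the two body types shown above.
URLENCODED_BODY = "Page=1&Search=QQQQQ"
BOUNDARY = "c7eb38bf-7ea1-4fbc-836a-47ceafdfd30a"  # boundary string from the page
MULTIPART_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="Page"\r\n'
    "Content-Length: 1\r\n\r\n"
    "1\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="Search"\r\n'
    "Content-Length: 5\r\n\r\n"
    "QQQQQ\r\n"
    f"--{BOUNDARY}--\r\n"
)


def parse_multipart(body):
    """Return [(name, value)] for each part; the delimiter is the body's first line."""
    delimiter = body.split("\r\n", 1)[0]
    if not delimiter.startswith("--") or len(delimiter) < 3:
        raise ValueError("body does not start with a multipart delimiter")
    fields = []
    for part in body.split(delimiter)[1:]:
        if part.startswith("--"):          # closing delimiter "--boundary--"
            break
        headers, sep, value = part.lstrip("\r\n").partition("\r\n\r\n")
        name = re.search(r'\bname="([^"]*)"', headers)
        if not sep or not name:
            raise ValueError("malformed part: missing headers or field name")
        if value.endswith("\r\n"):         # CRLF before the next delimiter is not data
            value = value[:-2]
        fields.append((name.group(1), value))
    return fields


def body_fields(body):
    """Classify a POST body and return (body_type, [(name, value), ...])."""
    if body.startswith("--"):              # assumption: only multipart starts this way
        return "multipart/form-data", parse_multipart(body)
    return "application/x-www-form-urlencoded", parse_qsl(body, keep_blank_values=True)


def to_name_value(body):
    """Flatten either body type to the name=value&name=value form."""
    return urlencode(body_fields(body)[1])


if __name__ == "__main__":
    for sample in (URLENCODED_BODY, MULTIPART_BODY):
        print(body_fields(sample), "->", to_name_value(sample))
```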

