Several methods of SQL database dumping

Source: Internet
Author: User
Tags: sqlite database

When a SQL injection has been found, there are several ways to dump the database:

(1) When the target host accepts external database connections, connect with Navicat. Which Navicat edition to use depends on the database on the target host:

mysql: Navicat for MySQL
oracle: Navicat for Oracle
Full version: Navicat Premium, with support for MySQL, Oracle, PostgreSQL, SQLite and SQL Server.

Note the default ports: MySQL 3306, MSSQL 1433, Oracle 1521. Once Navicat is connected to the database, select the table you want to dump and right-click Export.

(2) When we have permission to upload files, we can upload a script to dump the database; Navicat itself provides such scripts. Navicat's installation directory contains ntunnel_mysql.php, ntunnel_pgsql.php and ntunnel_sqlite.php, three files that support connecting to MySQL, PostgreSQL and SQLite databases over an HTTP channel. The procedure is:

1. Upload ntunnel_mysql.php to the root of the target machine, then open Navicat, click "New Connection" - "MySQL", select the HTTP tab, tick "Use HTTP Channel", and enter the URL of ntunnel_mysql.php in the "Channel address" field, leaving everything else at the default. Then return to the Regular tab and fill in the connection name, user and password. Note that the IP address of the connection must be written as "localhost" or "127.0.0.1".

(3) When a remote connection is not possible and only the SQL injection is available: first use sqlmap for the injection with the appropriate options, such as --current-db to obtain the current database name, --databases to obtain the tables, and --columns to obtain the column names in the current database. Use the --dump parameter to download the selected data locally.

When the --dump operation fails against MySQL, we can combine sqlmap with Burp Suite (BP). The process is as follows:

1. First test with sqlmap. Once the database name has been detected, use the --count parameter to count the number of rows in the table, and record it as N.

2. Taking the user table as an example: we obtain the number of rows in the user table through the injection, and see that the id column in the table is the primary key and auto-increments. At this point we can construct the injected statement and capture the request with BP. Send the captured request to Intruder; in the Positions module, set the id as the variable; in the Payloads module, set the payload type to Numbers and set the range from 0 to the N recorded earlier.

3. In the Options - Grep Extract module, click Add, then select "Fetch Response" in the window that pops up to get the response, and select the content you want to capture. BP automatically generates a regular expression based on the selected content. When the regular expression is set, click OK and continue adding any other data you want.

4. Select Intruder - Start attack to begin extracting the data. After the extraction has finished, select Save - "Result Table" to save the exported data.
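Methods (2) and (3) both leave traces in the web server's access log: requests to the Navicat tunnel scripts, and one client repeating the same request with a single number counting upward. The following detection sketch is an added example, not part of the original article; the log format (common/combined), the `min_run` threshold, and the sample IPs and paths are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Navicat HTTP tunnel scripts named in the article.
TUNNEL_SCRIPTS = {"ntunnel_mysql.php", "ntunnel_pgsql.php", "ntunnel_sqlite.php"}
# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def longest_run(values):
    """Length of the longest run of consecutive integers in `values`."""
    seen, best = set(values), 0
    for v in seen:
        if v - 1 not in seen:          # v starts a run
            n = 1
            while v + n in seen:
                n += 1
            best = max(best, n)
    return best

def analyze(lines, min_run=20):
    """Return (tunnel_hits, enumerations) for an iterable of access-log lines."""
    tunnel_hits, numbers = [], defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), unquote(m.group(2)), int(m.group(3))
        path = urlsplit(target).path
        if path.rsplit("/", 1)[-1].lower() in TUNNEL_SCRIPTS:
            tunnel_hits.append((ip, path, status))
        # Requests that differ only in a number share one template.
        template = re.sub(r"\d+", "{n}", target)
        for pos, num in enumerate(re.findall(r"\d+", target)):
            numbers[(ip, template, pos)].add(int(num))
    runs = {k: longest_run(v) for k, v in numbers.items()}
    return tunnel_hits, {k: n for k, n in runs.items() if n >= min_run}

# Constructed sample log: documentation IP ranges, hypothetical paths.
SAMPLE = [f'203.0.113.7 - - [01/Jan/2024:10:00:{i:02d} +0000] '
          f'"GET /user.php?id={i} HTTP/1.1" 200 512' for i in range(40)]
SAMPLE += [
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /user.php?id=17 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:01:05 +0000] "GET /user.php?id=230 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "POST /ntunnel_mysql.php HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    hits, enums = analyze(SAMPLE)
    print("tunnel script requests:", hits)
    print("sequential enumeration:", enums)
```

A tunnel-script request that returns status 200 means the file exists under the web root and should be treated as an incident; the run threshold needs tuning against legitimate pagination on the site.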
