知乎专栏 |
当你运行sqlmap的时候,我建议你运行下面命令监控你的web服务器日志
tail -f access.log
<?php $mysql_server_name="172.16.0.4"; $mysql_username="dbuser"; $mysql_password="dbpass"; $mysql_database="dbname"; $conn=mysql_connect($mysql_server_name, $mysql_username, $mysql_password); $strsql=""; if($_GET['id']){ $strsql="select * from `order` where id=".$_GET['id']; }else{ $strsql="select * from `order` limit 100"; } echo $strsql; $result=@mysql_db_query($mysql_database, $strsql, $conn); $row=mysql_fetch_row($result); echo '<font face="verdana">'; echo '<table border="1" cellpadding="1" cellspacing="2">'; echo "\n<tr>\n"; for ($i=0; $i<mysql_num_fields($result); $i++) { echo '<td bgcolor="#000F00"><b>'. mysql_field_name($result, $i); echo "</b></td>\n"; } echo "</tr>\n"; mysql_data_seek($result, 0); while ($row=mysql_fetch_row($result)) { echo "<tr>\n"; for ($i=0; $i<mysql_num_fields($result); $i++ ) { echo '<td bgcolor="#00FF00">'; echo "$row[$i]"; echo '</td>'; } echo "</tr>\n"; } echo "</table>\n"; echo "</font>"; mysql_free_result($result); mysql_close();
vim ~/.sqlmap/sqlmap.ini [Target] googledork = list = url = http://172.16.0.44/test/testdb.php?id=12 [Request] acred = atype = agent = cookie = data = delay = 0 headers = method = GET proxy = referer = http://www.google.com threads = 1 timeout = 10 useragentsfile = [Miscellaneous] batch = False eta = False sessionfile = updateall = False verbose = 1 [Enumeration] col = db = dumpall = False dumptable = False excludesysdbs = False getbanner = False getcolumns = False getcurrentdb = False getcurrentuser = False getdbs = False getpasswordhashes = False getprivileges = False gettables = False getusers = False isdba = False limitstart = 0 limitstop = 0 query = sqlshell = False tbl = user = [File system] rfile = wfile = [Takeover] osshell = False [Fingerprint] extensivefp = False [Injection] dbms = eregexp = estring = postfix = prefix = regexp = string = testparameter = [Techniques] stackedtest = False timetest = False utech = uniontest = False unionuse = False