当你运行sqlmap的时候,我建议你运行下面命令监控你的web服务器日志
tail -f access.log
<?php
$mysql_server_name="172.16.0.4";
$mysql_username="dbuser";
$mysql_password="dbpass";
$mysql_database="dbname";
$conn=mysql_connect($mysql_server_name, $mysql_username,
$mysql_password);
$strsql="";
if($_GET['id']){
$strsql="select * from `order` where id=".$_GET['id'];
}else{
$strsql="select * from `order` limit 100";
}
echo $strsql;
$result=@mysql_db_query($mysql_database, $strsql, $conn);
$row=mysql_fetch_row($result);
echo '<font face="verdana">';
echo '<table border="1" cellpadding="1" cellspacing="2">';
echo "\n<tr>\n";
for ($i=0; $i<mysql_num_fields($result); $i++)
{
echo '<td bgcolor="#000F00"><b>'.
mysql_field_name($result, $i);
echo "</b></td>\n";
}
echo "</tr>\n";
mysql_data_seek($result, 0);
while ($row=mysql_fetch_row($result))
{
echo "<tr>\n";
for ($i=0; $i<mysql_num_fields($result); $i++ )
{
echo '<td bgcolor="#00FF00">';
echo "$row[$i]";
echo '</td>';
}
echo "</tr>\n";
}
echo "</table>\n";
echo "</font>";
mysql_free_result($result);
mysql_close();
vim ~/.sqlmap/sqlmap.ini [Target] googledork = list = url = http://172.16.0.44/test/testdb.php?id=12 [Request] acred = atype = agent = cookie = data = delay = 0 headers = method = GET proxy = referer = http://www.google.com threads = 1 timeout = 10 useragentsfile = [Miscellaneous] batch = False eta = False sessionfile = updateall = False verbose = 1 [Enumeration] col = db = dumpall = False dumptable = False excludesysdbs = False getbanner = False getcolumns = False getcurrentdb = False getcurrentuser = False getdbs = False getpasswordhashes = False getprivileges = False gettables = False getusers = False isdba = False limitstart = 0 limitstop = 0 query = sqlshell = False tbl = user = [File system] rfile = wfile = [Takeover] osshell = False [Fingerprint] extensivefp = False [Injection] dbms = eregexp = estring = postfix = prefix = regexp = string = testparameter = [Techniques] stackedtest = False timetest = False utech = uniontest = False unionuse = False
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。
