SQLmap
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
Overview of SQLmap and its settings
1. SQLMap
2. Options
• -v
• -h
3. Target:
• -d DIRECT
• -u URL
• -r REQUESTFILE
• -l LIST
4. Requests:
• --data=DATA
• --cookie=COOKIE
• --scope=SCOPE
5. Injection
• -p PARAMETER
• --dbms=DBMS
• --os=OS
• --prefix=PREFIX
• --suffix=SUFFIX
• --tamper=TAMPER
6.
$query = "SELECT * FROM users WHERE id=('" . $_GET['id'] . "') LIMIT 0, 1";
sqlmap -u URL -p id --prefix "')" --suffix "AND ('abc'='abc"
$query = "SELECT * FROM users WHERE id=('1') <PAYLOAD> AND ('abc'='abc') LIMIT 0, 1";
7. Detection:
• --level=LEVEL (1-5)
• --risk=RISK (0-3)
• --string=STRING
• --regex=REGEX
8. Enumeration
• --current-user
• --current-db
• --users
• --passwords
• --dbs
• --tables
• --columns
• --dump (all)
• --replicate
• --search
• --sql-query=SQLQUERY
9. Enumeration (cont)
• -D DB
• -T TABLES
• -C COLUMNS
• --file-read=FILE
10. General
• -s SESSIONFILE
• --flush-session
• --update
• --save
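
Slide 6 shows a query built by pasting the id parameter inside ('...'). The following is an added example, not part of the original slides, that puts that query shape beside its parameterized fix and runs both on the same input. It assumes Python's sqlite3 as a stand-in for the PHP/MySQL code on the slide; the table contents and the condition used in place of <PAYLOAD> are constructed.

```python
import sqlite3

# Constructed sample data; table and column names follow the slide's query.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("1", "alice"), ("2", "bob")])
    return db

def lookup_concat(db, user_id):
    """Same shape as the slide's PHP: the input is pasted inside ('...')."""
    query = "SELECT * FROM users WHERE id=('" + user_id + "') LIMIT 0, 1"
    return query, db.execute(query).fetchall()

def lookup_param(db, user_id):
    """Hardened form: the value is bound and never parsed as SQL."""
    query = "SELECT * FROM users WHERE id=(?) LIMIT 0, 1"
    return query, db.execute(query, (user_id,)).fetchall()

# Boundaries taken from the slide; the condition between them is a
# constructed stand-in for <PAYLOAD>. Id 999 does not exist in the table.
PREFIX, SUFFIX = "')", "AND ('abc'='abc"
CRAFTED = "999" + PREFIX + " OR 1=1 " + SUFFIX

def demo():
    db = make_db()
    query, rows_concat = lookup_concat(db, CRAFTED)
    _, rows_param = lookup_param(db, CRAFTED)
    return query, rows_concat, rows_param

if __name__ == "__main__":
    query, rows_concat, rows_param = demo()
    print(query)                          # input became part of the SQL text
    print("concatenated: ", rows_concat)  # a row comes back for a missing id
    print("parameterized:", rows_param)   # no row: input compared as a string
```

The concatenated query returns a row for an id that does not exist because the input closed the ('...') context and was parsed as SQL; the bound version compares the whole string against the id column and matches nothing.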