SQLmap

1. SQLMap

2. Options • -v • -h

3. Target: • • • • -d DIRECT -u URL -r REQUESTFILE -l LIST

4. Requests: • --data=DATA • --cookie=COOKIE • --scope=SCOPE

5. Injection • • • • • • -p PARAMETER --dbms=DBMS --os=OS --prfix=PREFIX --suffix=SUFFIX --tamper=TAMPER

6. $query = “SELECT * FROM users WHERE id=(‘ ”.$_GET*‘id’+.” ’) LIMIT 0, 1”; Sqlmap –u URL –p id –prefix “’)” –suffix “AND (‘abc’=abc” $query = SELECT * FROM users WHERE id=(‘1’) <PAYLOAD> AND (‘abc’=‘abc’) LIMIT 0,1”;

7. Detection: • • • • --level=LEVEL (1-5) --risk=RISK (0-3) --string=STRING --regex=REGEX

8. Enumeration • • • • • • • • • • • --current-user --current-db --users --passwords --dbs --tables --columns --dump (all) --replicate --search --sql-query=SQLQUERY

9. Enumeration (cont) • • • • -D DB -T TABLES -C COLUMNS --file-read=FILE

10. General • • • • -s SESSIONFILE --flush-session --update --save

SQLmap

Recommandé

Recommandé

Contenu connexe

Plus de Todd Benson (I.T. SPECIALIST and I.T. SECURITY)

Plus de Todd Benson (I.T. SPECIALIST and I.T. SECURITY) (7)

SQLmap