Sqlmap traffic collection

Question

Sqlmap traffic collection

I am trying to understand how SQLmap works.

For example, sqlmap finds an injection on my site -

Place: GET
Parameter: selected
    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: act=il&ed=1' LIMIT 1,1 UNION ALL SELECT CONCAT(0x3a6,0x579786e676651,0x373a), NULL, NULL, NULL, NULL#

With SQLmap, I can dump databases, but how to delete the same databases from the browser? I tried to put the following link in a browser, but that didn't work -

http://www.site.com/index.php?act=il&ed=1' LIMIT 1,1 UNION ALL SELECT CONCAT(0x3a6,0x579786e676651,0x373a), NULL, NULL, NULL, NULL#

In my browser I am not getting any result. I try to put / ** / and + etc. in different ways, But suck.

How to get links that Sqlmap sends for penetration test?
How to use a simple select version () query with this injection?
Perhaps this does not work?

+5

sql sql injection penetration testing sqlmap

Dmitrij Holkin Aug 11 '12 at 14:02

source share

2 answers

, sqlmap.

-v=4

: https://github.com/sqlmapproject/sqlmap/wiki/Usage#output-verbosity

: -v
. . - 1, , , , Python ( ).
0: , Python.
1: .
2: .
3: .
4: HTTP-.
5: HTTP-.
6: HTTP-.

+2

heidi123p 28 . '13 2:49

Mark Hillick · Accepted Answer · 2012-08-23T13:42:38+0000

, ( ), URL-, , SQL .

, SQLmap, tcpdump/tshark/wireshark , , . , . , -

sudo tcpdump -s0 -Xnnpi eth0 -w /var/tmp/sqlmap.pcap port 80

.

, Wireshark eth0. Application Layer Wireshark.

, , URL-, , - , . . SQL- URL- , -.

, sqlmap , .

: , , .

Sqlmap traffic collection

More articles: