windows下使用SQLMap测试一下是否存在sql注入

按照教程安装好python环境 和SQLMap

https://blog.csdn.net/resilient/article/details/105988717

 

 

抓包组装好需要的数据，data中的数据使用base64编码方式

Content-Length：需要计算好

request.txt

POST https://www.bee.com:8082/login.php HTTP/1.1
Host: www.bee.com:8082:8082
Connection: keep-alive
Content-Length: 215
Origin: https://192.168.6.175:8082
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Referer: https://www.bee.com:8082/index.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9 

data=%7B%22name%22%3A%221111%22%2C%22oldpwd%22%3A%22YWJjITEyMysx%22%2C%22newpwd%22%3A%22YWJjITEyMys%3D%22%2C%22confirmpwd%22%3A%22YWJjITEyMys%3D%22%7D&url=login.php&to=1&FW_U=1&msg=%E4%BF%AE%E6%94%B9%E5%AF%86%E7%A0%81

 

执行语句

sqlmap.py -r "C:\Users\Administrator\Desktop\request.txt"

 

 

发现没有sql注入点

 

若有sql注入点 则可提示开发人员解决sql注入问题

 

SQLMap还有很多测试技巧 测试方法 具体可以根据需要学习 再测试sql注入问题