我试图通过使用PHP运行DOS命令来使用SQLMap.py和PHP。
当我运行程序exec("python2 sqlmap.py -u 'http://public_ip:80/HackThisSite')时,我的命令运行正常,但在给出第一个cmd用户输入后自动退出。我认为粘贴输出应该更清楚
___ ___| |_____ ___ ___ {1.0-dev-nongit-20151019}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:36:32
[11:36:32] [WARNING] you've provided target URL without any GET parameters (e.g. www.site.com/article.php?id=1) and without providing any POST parameters through --data option
do you want to try URI injections in the target URL itself? [Y/n/q]
[11:36:32] [ERROR] user quit
我是否可以阻止从PHP自动退出cmd并响应用户提示?谢谢!
P.S。我知道我的链接中没有提供GET参数,所以请不要在答案中提及。我在命令中使用的链接仅仅是一个测试,我很快将使用带有--data选项的POST数据。