SQLMAP在响应中不匹配字符串

发布于 2025-02-10 16:04:42 字数 700 浏览 2 评论 0原文

我正在使用SQLMAP进行测试SQL注射在登录表单上，当服务器验证凭据验证时，它将返回HTTP 200状态代码和响应主体：{“代码”：1} ）或{“代码”：0}（在无效的凭据）上。

由于状态代码始终为200，我需要SQLMAP来查找身体中的该字符串，因此我找到了以下参数：

- 字符串=字符串匹配到查询到true时）

我是这样使用的： sqlmap -u https：//example.com/login-method =“ post” - -data“ user = 1＆amp; password = 2” - text -lyly -snly -string ='{“ code”：0：0 }'-v 6

但是，当SQLMAP接收{“代码”：1}从服务器忽略它而不是将其作为成功的注入。

我做错了什么，或者关于如何在响应中匹配该字符串的想法？

这是完整的服务器响应：

HTTP/1.1 200 OK
Server: Apache/2.4.25 (Debian)
Content-Length: 15
Connection: close
Content-Type: text/html; charset=UTF-8

{"code":0}

预先感谢。

原文

I'm using SQLMap for test SQL Injections on a login form, when the server validates credentials it returns an HTTP 200 Status Code and in the response body: {"code":1} (on valid credentials) or {"code":0} (on invalid credentials).

Since the status code is always 200 I need SQLMap to look for that string in the body, I found the following parameter:

--string=STRING String to match when query is evaluated to True)

I'm using it like this:
sqlmap -u https://example.com/login --method="POST" --data "user=1&password=2" --text-only --string='{"code":0}' -v 6

But when SQLMap receives {"code":1} from the server just ignores it instead of detecting it as a successful injection.

Is there something I'm doing wrong or any ideas of how can I match that string in the response?

Here is the full server response:

HTTP/1.1 200 OK
Server: Apache/2.4.25 (Debian)
Content-Length: 15
Connection: close
Content-Type: text/html; charset=UTF-8

{"code":0}

Thanks in advance.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

伴我心暖 2025-02-17 16:04:42

我知道这很晚，但也许会对某人有所帮助。
根据SQLMAP帮助（SQLMAP -HH），您可以通过成功或失败响应中的内容过滤响应，还可以代码或成功的代码或标题。

--string=STRING     String to match when query is evaluated to True
--not-string=NOT..  String to match when query is evaluated to False
--regexp=REGEXP     Regexp to match when query is evaluated to True
--code=CODE         HTTP code to match when query is evaluated to True
--smart             Perform thorough tests only if positive heuristic(s)
--text-only         Compare pages based only on the textual content
--titles            Compare pages based only on their titles

在您的情况下，它将是

sqlmap ...--弦'{“ code”：1}'
或者
sqlmap ...---not-string'{“ code”：0}'

简约版本也应起作用
sqlmap ...-弦乐'1'

I know it's quite late but maybe it will help someone.
According to sqlmap help (sqlmap -hh) you can filter responses via content in successful or failed response and also code or title of successful one.

--string=STRING     String to match when query is evaluated to True
--not-string=NOT..  String to match when query is evaluated to False
--regexp=REGEXP     Regexp to match when query is evaluated to True
--code=CODE         HTTP code to match when query is evaluated to True
--smart             Perform thorough tests only if positive heuristic(s)
--text-only         Compare pages based only on the textual content
--titles            Compare pages based only on their titles

In your case it would be

sqlmap ... --string '{"code":1}'
or
sqlmap ... --not-string '{"code":0}'

minimalist version should work too
sqlmap ... --string '1'

回复收藏 0 原文

~没有更多了~