sqlmap
命令手册Detect and exploit SQL injection flaws. More information: https://sqlmap.org.
python sqlmap.py -u "{{http://www.target.com/vuln.php?id=1}}"
--data
implies POST request):python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --data="{{id=1}}"
python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --data="{{query=foobar;id=1}}" --param-del="{{;}}"
User-Agent
from ./txt/user-agents.txt
and use it:python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --random-agent
python sqlmap.py -u "{{http://www.target.com/vuln.php}}" --auth-type {{Basic}} --auth-cred "{{testuser:testpass}}"