
File http-sql-injection

Script type: portrule
Script categories: intrusive, vuln
Script download URL: http://nmap.org/svn/scripts/http-sql-injection.nse

User Summary

Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. It also extracts forms from found websites and tries to identify fields that are vulnerable.

The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses the most basic form of SQL injection but anything more complicated is better suited to a standalone tool.

We may not have access to the target web server's true hostname, which can prevent access to virtually hosted sites.
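
As an added example (not part of the Nmap script or its documentation), the following Python code shows how a defender could spot the spider-and-probe behaviour described above in web server access logs: one client appending a quote-plus-keyword fragment to many distinct query parameters. The log lines, the `probe` marker and the `min_params` threshold are constructed for illustration, and the User-Agent check assumes the http library's default string, which the http.useragent argument can override.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed combined-format access-log lines (documentation IPs, not real traffic).
UA_NSE = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /item.php?id=5 HTTP/1.1" 200 512 "-" "{UA_NSE}"',
    f'203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /item.php?id=5%27%20OR%20probe HTTP/1.1" 500 310 "-" "{UA_NSE}"',
    f'203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /list.php?cat=2%27%20OR%20probe&page=1 HTTP/1.1" 200 900 "-" "{UA_NSE}"',
    f'203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /list.php?cat=2&page=1%27%20OR%20probe HTTP/1.1" 500 310 "-" "{UA_NSE}"',
    '198.51.100.4 - - [10/Mar/2024:10:00:05 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2024:10:00:09 +0000] "GET /item.php?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# A quote that would close a string literal, followed by a boolean/UNION keyword.
# A plain apostrophe in a name (O'Brien) does not match.
PROBE_RE = re.compile(r"'\s*(?:or|and|union)\b", re.IGNORECASE)

def find_sqli_spidering(lines, min_params=3):
    """Return {client_ip: report} for clients probing >= min_params distinct parameters."""
    stats = defaultdict(lambda: {"params": set(), "errors": 0, "nse_ua": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, target, status, agent = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if PROBE_RE.search(value):  # parse_qsl has already percent-decoded the value
                s = stats[ip]
                s["params"].add((url.path, name))
                s["errors"] += status.startswith("5")  # probe that produced a server error
                s["nse_ua"] |= "Nmap Scripting Engine" in agent  # weak signal, overridable
    return {ip: {"params": sorted(s["params"]), "errors": s["errors"], "nse_ua": s["nse_ua"]}
            for ip, s in stats.items() if len(s["params"]) >= min_params}

if __name__ == "__main__":
    for ip, report in find_sqli_spidering(SAMPLE_LOG).items():
        print(ip, report)
```

Probes answered with a 5xx status are the ones worth triaging first, since the script decides on vulnerability from the errors it obtains.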

Script Arguments

httpspider.maxdepth, httpspider.maxpagecount, httpspider.noblacklist, httpspider.url, httpspider.useheadfornonwebfiles, httpspider.withindomain, httpspider.withinhost

See the documentation for the httpspider library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

Example Usage

Command format

nmap -sV --script=http-sql-injection <target>

Requires


Author: Eddie Bell, Piotr Olma

License: Compiled by VER007 http://www.ver007.com

portrule

portrule (host, port)

Parameters