sql-injection - 主机头中的 sqlmap 参数
问题描述
我正在尝试在本地应用程序中使用 sqlmap,但由于参数位于主机标头中,因此无法执行。
POST /myaccounts/password_change/ HTTP/1.1
Host: 127.0.0.1:8000
Content-Length: 286
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:5000
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1:5000/default/information/
Accept-Encoding: gzip, deflate
Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: csrftoken=ZLjeAYwg4WzG3ESFsuJHwmis3TyRKuazLUcALOzaEkaACuvwFfKQ6Qf8WQHfX4dr; sessionid=mt5v50dufdtx2meea23q02lrhsn989us
Connection: close
csrfmiddlewaretoken=3nbkCijj9hy9RQ20Rh5mFHXoBlArtmP8Pw4GN8mdJF93qGFR426vfbU4uiJPGWS0&old_password=kjhkjh&new_password1=create%20table%20myfile%20(input%20TEXT)%3b%20load%20data%20infile%20'%3cfilepath%3e'%20into%20table%20myfile%3b%20select%20%2a%20from%20myfile%3b&new_password2=kjhkjh
解决方案
推荐阅读
- javascript - Chrome Extension has been crashing suddenly
- c# - How to synchronize a list of related entities .NET EF Core
- python - python3 中的 date-from-num 类似
- azure-service-fabric - `diagnosticsStore` 如何在独立服务结构中工作?
- haskell - Haskell错误我该如何解决
- android - 上传/下载文件 CloudRail Android/Dropbox
- c# - 使用 if 语句 c# 选择正确的列表
- r - R中的贬低/均值居中
- java - 从 Java 中的 Firebase 实时数据库中选择随机条目
- python-3.x - 使用 python 停止或嵌入命令提示符窗口