{"id":349,"date":"2024-03-12T22:14:05","date_gmt":"2024-03-12T14:14:05","guid":{"rendered":"http:\/\/www.ccwifi.cc\/blogs\/?p=349"},"modified":"2024-03-12T22:14:05","modified_gmt":"2024-03-12T14:14:05","slug":"sqlmap-%e6%ba%90%e7%a0%81%e9%98%85%e8%af%bb%e4%b8%8e%e6%b5%81%e7%a8%8b%e5%88%86%e6%9e%90","status":"publish","type":"post","link":"https:\/\/www.ccwifi.cc\/blogs\/2024\/03\/12\/sqlmap-%e6%ba%90%e7%a0%81%e9%98%85%e8%af%bb%e4%b8%8e%e6%b5%81%e7%a8%8b%e5%88%86%e6%9e%90\/","title":{"rendered":"sqlmap Source Code Reading and Flow Analysis"},"content":{"rendered":"<div>\n<p>Online WiFi handshake cracking, KingKong-package cracking, cap cracking, hccapx and EWSA online: come to <strong><a href=\"https:\/\/ccwifi.cc\" target=\"_blank\" rel=\"noopener\">\u66f9\u64cdwifi<\/a><\/strong><\/p>\n<p>Hello everyone, we meet again. I'm Cao Cao, and today I'm bringing you a new tutorial.<\/p>\n<p>I hope you all study it carefully and keep a low profile online.<\/p>\n<\/div>\n<pre><code>docker pull acgpiano\/sqli-labs\ndocker run -dt --name sqli-lab -p [PORT]:80 acgpiano\/sqli-labs:latest<\/code><\/pre>\n<p>0x01 Preface<\/p>\n<p>My coding skills are still too weak, so I want to try reading the sqlmap source code and rewriting it myself in Golang. Later I will also rework ysoserial and rebuild xray, which will of course borrow heavily from the cel-go project.<\/p>\n<p>0x02 Environment setup<\/p>\n<p>sqlmap project address: set breakpoints and debug in PyCharm, because debugging in VS Code is more of a hassle.<\/p>\n<p>Since we need to debug dynamically, we need a SQL injection practice target. Here I went straight for sqli-labs, started with Docker.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_0.png\" alt=\"hashcat source code analysis\"><\/p>\n<pre><code>-u \"http:\/\/81.68.120.14:3333\/Less-1\/?id=1\" --technique=E --dbs<\/code><\/pre>\n<p>Finally, the database still needs to be reconfigured before sqli-labs can be used as a test target.<\/p>\n<p>Here are also some basic sqlmap operations: debug directly in PyCharm's Debug mode, set the parameters as follows, and start debugging.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_1.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_2.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>0x03 Reading the sqlmap source code<\/p>\n<p>Before we start, we need to confirm the flowchart of how sqlmap runs. This is very important, as it helps us analyze the source code further.<\/p>\n<ol>\n<li>Initialization<\/li>\n<\/ol>\n<p>Set a breakpoint in the main function of sqlmap.py and start debugging.<\/p>\n<p>Before sending any requests to or probing the URL, sqlmap first does some initialization of the environment, dependencies and variables.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_3.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Going down, the options are obtained through cmdLineParser(), which uses the argparse library to print and parse the CLI; I have worked on a similar small project before.<\/p>\n<p>Next, initOptions(cmdLineOptions) parses the command-line options.<\/p>\n<p>The init function: initialization<\/p>\n<p>In init(), various functions are called to set options, load payloads and so on; interested readers can step in and read them.<\/p>\n<pre><code>loadBoundaries()  # load the set of boundaries (closing strings)\nloadPayloads()    # load the payload set\n_loadQueries()    # load the query statements used later, after an injection point is found, to enumerate database, table and column names<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_4.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Of these, three are relatively important because they load the payloads: loadBoundaries(), loadPayloads() and _loadQueries().<\/p>\n<p>Set a breakpoint first and debug the loadBoundaries() function.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_5.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_6.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_7.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>First, it loads paths.BOUNDARIES_XML, that is, data\/xml\/boundaries.xml.<\/p>\n<p>Next it enters the part that parses the XML file; step into parseXmlNode(root).<\/p>\n<p>Finally the result is added to the tests attribute of the conf object.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_8.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_9.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_10.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>At this point we can also take a look at what conf is.<\/p>\n<p>conf mainly stores information about the target (hostname, path, request parameters and so on) plus configuration: the payloads loaded by init, request headers, cookies, etc.<\/p>\n<p>After init() finishes, execution arrives at the start() function, where the real run begins.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_11.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Summary of the initialization stage<\/p>\n<p>A brief summary of what the initialization code does<\/p>\n<ol start=\"2\">\n<li>URL handling<\/li>\n<\/ol>\n<p>Pressing F8 (step over), the first thing reached is threadData = getCurrentThreadData(); continue down to the result = f(*args, **kwargs) block and step in.<\/p>\n<p>The logic now arrives in \/lib\/controller\/controller.py. Going down, it does not enter the conf.direct or conf.hashFile branches but goes straight into the kb.targets.add() logic.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_13.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_14.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>The kb variable here is used to share objects; essentially it holds the parameters used during injection. kb.targets receives the parameters we entered, as shown in the figure.<\/p>\n<p>Further down it mostly does things like logging, assignments and adding HTTP headers; we skip that code and go straight to the key part, parseTargetUrl().<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_15.png\" alt=\"hashcat source code analysis\"><\/p>\n<pre><code>if re.search(r\":\/\/\\[.+\\]\", conf.url) and not socket.has_ipv6:<\/code><\/pre>\n<pre><code>if not re.search(r\"^(http|ws)s?:\/\/\", conf.url, re.I):<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_16.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Step in.<\/p>\n<p>At the start it first performs this check:<\/p>\n<p>It checks whether the beginning of the URL is in the right form and whether the socket uses the IPv6 protocol; if it is IPv6, sqlmap does not support it.<\/p>\n<p>Then it checks:<\/p>\n<p>It checks whether the URL starts with http or https, or with ws or wss; if none of these prefixes is present, it decides based on the port. Here I think ports 80 and 8080 could perhaps be added.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_17.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_18.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Continuing down, the URL and host are split and the pieces are saved into the corresponding attributes of conf; what follows is more basic checks and assignments, not repeated here.<\/p>\n<p>In short, this stage dissects and splits the URL, and everything ends up in conf.<\/p>\n<ol start=\"3\">\n<li>If this site has already been injected before, generate the injection-detection payloads<\/li>\n<\/ol>\n<p>The core code is at line 434 of controller.py; step in. Here we can set a watch on the kb.injections variable. First step into the setupTargetEnv() function.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_18.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_20.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_21.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>We step into the most important one, _resumeHashDBValues(), which first calls hashDBRetrieve() to set up retrieval.<\/p>\n<p>Stepping out to line 476, hashDBRetrieve() is called again, this time with HASHDB_KEYS.KB_INJECTIONS, meaning that KB_INJECTIONS is used as the key for retrieval. Stepping in, we find that the function first puts the URL information to be injected into the _ variable, with the basic fields separated by the | character.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_22.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_23.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Step into retrieve(); this function does the work of generating payloads. Let's keep going to see exactly how.<\/p>\n<p>Line 95 is important: it executes the SQL statement, and the value is hashed; the encoding method is base64Pickle serialization.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_24.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Finally the payload is deserialized and decoded. Honestly I did not understand how it is generated here; it looks like it merely executes a SQL statement. Other people's articles I read afterwards do not single this part out either; the payloads are actually all stored in the XML.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_25.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_26.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Then it loops once more and generates a payload.<\/p>\n<p>After all payloads are generated, the target is probed once; if the connection is refused, False is returned.<\/p>\n<p>The payloads generated here are only a very basic part, and are not<\/p>\n<ol start=\"4\">\n<li>WAF detection<\/li>\n<\/ol>\n<p>After parsing the URL, the target is probed. Looking down, the location is line 439 of controller.py, and at line 448 there is the checkWaf() function, which obviously implements WAF detection.<\/p>\n<p>It first determines whether the target has a WAF; if so, it fuzzes the relevant characters. Of course it is recommended to test this against a target that has a WAF. Note that if you have already probed this target and found a WAF, and the WAF vendor is already known, the code will not go into the payload logic; the relevant code is under hashDBRetrieve(), which is fairly easy and not expanded on here.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_28.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>If there is a WAF, a payload for fuzzing is generated. This payload is based on Nmap's http-waf-detect.nse: the payload is set to something like <code>\"9283 AND 1=1 UNION ALL SELECT 1,NULL,'',table_name FROM information_schema.tables WHERE 2&gt;1--\/**\/; EXEC xp_cmdshell('cat ..\/..\/..\/etc\/passwd')#\"<\/code>. If there is no WAF the page does not change; if there is a WAF, since the payload contains many sensitive characters, the page will change most of the time.<\/p>\n<p>Next, conf.identifyWaf corresponds to sqlmap's --identify-waf option; if it is given, the identifyWaf() function is entered, and the WAFs it detects are all under sqlmap's waf directory. Newer versions of sqlmap, however, perform this automatically, so the option no longer needs to be specified.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_29.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>After a long stretch of data-handling and checking code, we reach line 1531, as shown; step in. getPage() fetches information about the page, such as URL, UA, host and so on, and by comparing the output against the payload provides information for determining the WAF type.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_30.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_31.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_32.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_33.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>This basic information is eventually stored in the message of the response series.<\/p>\n<p>getPage() calls processResponse() to handle the response; step in.<\/p>\n<p>Looking down, starting at line 401, the subsequent code performs WAF identification.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_34.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_35.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_36.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Stepping into identYwaf.non_blind_check(), it matches the page with regular expressions; the corresponding rules are in thirdparty\/identywaf\/data.json.<\/p>\n<p>sqlmap does not rely on the rule base alone; it also uses page similarity to decide whether a WAF\/IPS is present.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_37.png\" alt=\"hashcat source code analysis\"><\/p>\n<pre><code>[INFO] testing if the target URL content is stable<\/code><\/pre>\n<p>If the similarity is below the configured 0.5, it is judged that a WAF is blocking.<\/p>\n<p>WAF detection summary<\/p>\n<p>In summary there are two points: one method is detection by regex matching, the other is detection by page similarity. I probably could not write WAF detection myself; I'll try when the time comes.<\/p>\n<ol start=\"5\">\n<li>Injection detection: heuristic injection<\/li>\n<\/ol>\n<p>Coming out of checkWaf(), we first reach line 457, which checks whether the site is stable (because some sites may fall over as soon as they are tested), corresponding to this info message.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_38.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_39.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_40.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Continuing to line 471, it first checks whether the parameter can be injected; this is tied to the --level command-line option.<\/p>\n<p>During the environment setup earlier we used error-based injection; without that, simply specifying --dbs will not get us into heuristic injection. Continuing with the code down to line 581, the function called is heuristicCheckSqlInjection(), meaning heuristic injection.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_41.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>1. Identifying the database version; 2. obtaining the absolute path; 3. testing for XSS<\/p>\n<p>Identifying the database version<\/p>\n<p>First, 10 characters are randomly drawn from HEURISTIC_CHECK_ALPHABET to construct the payload. These are of course not ordinary characters but special ones: when testing for SQL injection we habitually append a semicolon or some other special character to the parameter, and with luck the database may leak an error message, from which we can guess what database the target is running. The payload generated at the end is also able to close the quoting properly.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_42.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_43.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_44.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Testing on an actual site, as shown, this is the SQL database error that gets reported.<\/p>\n<p>The check is at line 1532 of lib\/request\/connect.py.<\/p>\n<p>Then step into processResponse(); this uses the same approach as the WAF comparison, so it is not described in detail again.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_45.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_46.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_47.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>processResponse() calls htmlParser() in .\/lib\/parse\/html.py, which identifies the current database based on the fingerprints of the different databases.<\/p>\n<p>The class that actually implements this is HTMLHandler; the contents of errors.xml are shown in the figure.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_48.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>This configuration file is fairly simple; it is just regexes for the corresponding databases. When sqlmap parses errors.xml, it matches the current page against the regexes in regexp to determine the current database. This step is similar to the WAF comparison.<\/p>\n<p>At this point sqlmap can determine the database version and choose the corresponding test payloads. Later we will see that the payloads are sorted by some index and those matching the database information are picked for testing, reducing sqlmap's scan time.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_49.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_50.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_51.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Obtaining the absolute path and XSS probing<\/p>\n<p>Compared with fingerprinting, the module that obtains the absolute path is relatively simple: it uses regex matching to find the absolute path.<\/p>\n<p>XSS probing is also fairly simple, so no code analysis is given for it here.<\/p>\n<ol start=\"6\">\n<li>Injection detection: formal injection<\/li>\n<\/ol>\n<p>Coming out of heuristic injection, at line 592 the formal injection check is performed; step in.<\/p>\n<p>At line 130, all payloads are fetched; later an index is built from the database information, and the payloads matching the index are used for the attack.<\/p>\n<p>Going down, it first checks whether database information has already been obtained; if so, it skips this, otherwise it first performs the heuristic injection from the previous step.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_54.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_55.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Next, an index is built from the database information obtained through the error, and the most effective payloads for it are taken out. These payloads are iterated in a while loop.<\/p>\n<p>At line 370, the payload is processed by cleanupPayload(), whose main job is really to replace the tags in the payload.<\/p>\n<pre><code>\"AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('qbpxq',(SELECT (ELT(9125=9125,1))),'qxkvq','x'))s), 8446744073709551610, 8446744073709551610)))\"<\/code><\/pre>\n<pre><code>prefix + payload + suffix<\/code><\/pre>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_56.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>The payload after replacement looks like this.<\/p>\n<p>In sqlmap the payload is divided into three parts: the fstPayload generated above is the middle part, while prefix and suffix respectively close the structure in front and comment out the structure behind. These two attributes mainly come from the boundary, which is the boundaries.xml configuration file loaded earlier and is used for closing; so here they serve as prefix and suffix.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_57.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_58.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_59.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>The final concatenation<\/p>\n<p>prefix and suffix are each cleaned and then combined; the combined payload is reqPayload, which is then sent in the request.<\/p>\n<p>The result of the request is obtained as a page via queryPage(), but the page result is wrapped by kb.chars.start and kb.chars.stop.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_60.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_61.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>When the first injection attempt fails, prefix and suffix are changed repeatedly; only when every prefix and suffix has been tried and injection still fails is the payload changed and another one taken, until the injectable variable is true and output=1.<\/p>\n<p>and injectable=true<\/p>\n<ol start=\"7\">\n<li>Dumping databases and other operations<\/li>\n<\/ol>\n<p>Only after the formal injection check in the previous step yields injectable=true can the next step, dumping the databases, proceed. The dumping stage mainly processes the data through four functions and then calls action(); step in.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_64.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_65.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_66.png\" alt=\"hashcat source code analysis\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_67.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Taking database enumeration as the example, first look at the part related to the --dbs option; the core function is getDbs().<\/p>\n<p>It first logs based on the back-end database information.<\/p>\n<p>At line 133, queries is the variable holding the queries.xml loaded during initialization.<\/p>\n<p>First the number of databases is obtained via count(schema_name), then the database names are fetched one by one with limit num,1; after the statement is taken from the queries variable it is passed to the getValue function.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_68.png\" alt=\"hashcat source code analysis\"><\/p>\n<p>Stepping in, some basic setup and payload processing and assignment is done first, for example at line 401 
\u884c\u7684cleanQuery()\u51fd\u6570\uff0c\u5c06\u8bed\u53e5\u8f6c\u6362\u4e3a\u5927\u5199\uff0c\u8fd9\u91cc\u6211\u5c31\u4e0d\u8ddf\u8fdb\u4e86\u3002\u76f4\u63a5\u770b\u5173\u952e\u8bed\u53e5\uff0c\u7b2c 451 \u884c\uff0cerrorUse()\u51fd\u6570<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_69.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_70.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><\/p>\n<p>\u5728errorUse()\u4e2d\u9996\u5148\u901a\u8fc7\u6b63\u5219\u5c06 payload \u4e2d\u7684\u5404\u4e2a\u90e8\u5206\u90fd\u8fdb\u884c\u4e86\u83b7\u53d6 \uff0c\u4fdd\u5b58\u5230\u4e86\u5bf9\u5e94\u7684field\u5f53\u4e2d\uff0c\u6700\u7ec8\u7ecf\u8fc7\u4e00\u7cfb\u5217\u5904\u7406\uff0c\u53d6\u51fa\u4e86 payload \u4e2d\u7684schema_name<\/p>\n<p>\u8df3\u51fagetFields()\u51fd\u6570\uff0c\u5f80\u4e0b\uff0c\u5c06expression\u7684\u503c\u7ecf\u8fc7 replace \u64cd\u4f5c\uff0c\u8d4b\u503c\u7ed9\u4e86countedExpression\uff0c\u6700\u7ec8\u5f97\u5230\u7684\u503c\u662f&#8217;SELECT COUNT(schema<em>name) FROM INFORMATION<\/em>SCHEMA.SCHEMATA&#8217;<\/p>\n<p>\u7b2c 337 \u884c\uff0c\u8ddf\u8fdb_oneShotErrorUse()\u51fd\u6570\uff0c\u5728\u8fd9\u4e00\u4e2a\u51fd\u6570\u4e2d\uff0csqlmap \u5bf9\u76ee\u6807\u7f51\u7ad9\u53d1\u5305\uff0c\u4f7f\u7528\u7684 payload 
\u4e3acountedExpression\uff0c\u76ee\u7684\u662f\u63a2\u6d4b\u6570\u636e\u5e93\u4e2a\u6570\uff08count\uff09<\/p>\n<p>\u5177\u4f53\u4e1a\u52a1\u53d1\u5305\u5728\u8fd9\u91cc<\/p>\n<p>\u6700\u540e\u5c06\u7ed3\u679c\u4f20\u5165extractRegexResult()\u51fd\u6570\u4e2d\u8fdb\u884c\u6b63\u5219\u63d0\u53d6<\/p>\n<p>\u591a\u7ebf\u7a0b\u7684\u65b9\u5f0f\u8fdb\u884c\u6ce8\u5165\uff0c\u800crunThreads()\u51fd\u6570\u8c03\u7528\u4e86errorThread()\u51fd\u6570\uff0c\u6700\u7ec8\u7684\u6ce8\u5165\u4e1a\u52a1\u8fd8\u662f\u7531errorThread()\u51fd\u6570\u6765\u5b8c\u6210\u7684<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_75.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_76.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_77.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_1.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><\/p>\n<p>\u8ddf\u8fdb\u4e00\u4e0b_errorFields()\u51fd\u6570\uff0c\u5c06\u6bcf\u4e00\u4e2a\u8868\u8fdb\u884c while \u5faa\u73af\u64cd\u4f5c\uff0c\u518d\u901a\u8fc7limitQuery()\u51fd\u6570\u8bbe\u7f6e\u6700\u540e\u7684Limit\u8bed\u53e5<\/p>\n<p>\u6700\u540e\u6210\u529f&#8211;dbs sqlmap \u6d41\u7a0b\u5206\u6790\u7ed3\u675f<\/p>\n<p>0x04 \u5c0f\u7ed3<\/p>\n<p>sqlmap \u7684\u6d41\u7a0b\u5206\u6790\u9700\u8981\u975e\u5e38\u91cd\u89c6\u8fd9\u5f20\u56fe\uff0c\u5f53\u611f\u89c9\u4ee3\u7801\u770b\u4e0d\u4e0b\u53bb\u7684\u65f6\u5019\u770b\u4e00\u4e0b\u8fd9\u5f20\u56fe\u53ef\u4ee5\u4e8b\u534a\u529f\u500d\u3002<\/p>\n<p>\u5728\u5ba1\u8ba1\u5f00\u59cb\u4e4b\u524d\u4e5f\u53ef\u4ee5\u770b\u4e00\u4e0butils\u6587\u4ef6\u5939\u4e0b\u7684 
python \u6587\u4ef6\uff0c\u603b\u4f53\u6765\u8bf4\u6d41\u7a0b\u5e76\u4e0d\u96be\uff0c\u770b\u6b63\u5219\u7684\u65f6\u5019\u5176\u5b9e\u633a\u5403\u529b\u7684\u3002<\/p>\n<p>0x05 Reference<\/p>\n<p>https:\/\/wooyun.js.org\/drops\/SQLMAP%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90Part1.%E6%B5%81%E7%A8%8B%E7%AF%87.html<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_80.png\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><img decoding=\"async\" src=\"http:\/\/s1sql1tew.hb-bkt.clouddn.com\/photos\/20240312\/9e6508334276ec75b55000280df36fc3_81.gif\" alt=\"hashcat\u6e90\u4ee3\u7801\u89e3\u6790\"><!-- \u6587\u7ae0\u6765\u6e90:http:\/\/mp.weixin.qq.com\/s?src=11&amp;timestamp=1697653242&amp;ver=4842&amp;signature=TjhtmoP8lQxzfUF50u0dFsUNfhVBQgIsxnmlewFYYw60ZjlqD6QNZZsIpScvnk5lIjIUjPgR5WUdq6l1SoCDWtVuEjNCvZBYWov4fPYYe5AjOMXjKDk3PL1sSD1BrNzS&amp;new=1 --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>sqlmap \u6e90\u7801\u9605\u8bfb\u4e0e\u6d41\u7a0b\u5206\u67900x01 \u524d\u8a00\u8fd8\u662f\u4ee3\u7801\u529f\u5e95\u592a\u5dee\uff0c\u6240\u4ee5\u60f3\u5c1d\u8bd5\u9605\u8bfb sqlmap \u6e90\u7801\u4e00\u4e0b\uff0c\u5e76\u4e14\u81ea\u5df1\u7528 golang \u91cd\u6784\uff0c\u5230\u540e\u9762\u4f1a\u8fdb\u884c ysoserial \u7684\u6539\u5199\uff1b\u4ee5\u53ca xray 
\u7684\u91cd\u6784<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-349","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/comments?post=349"}],"version-history":[{"count":0,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/349\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/media?parent=349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/categories?post=349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/tags?post=349"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/topic?post=349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}