小白博客 sqlmap之POST登陆框注入方式二【自动搜索表单的方式】

sqlmap.py -u "http://192.168.160.1/sqltest/post.php" --forms

它会有几次消息提示:

do you want to test this form? [Y/n/q] 要测试此表单吗?[Y/n/q]  输入"Y"

do you want to fill blank fields with random values? [Y/n] 是否要填充带有随机值的空白字段? [Y/n]  输入"Y"

it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] 它看起来像后端DBMS是'MySQL'。 是否要跳过特定于其他DBMS的测试负载？ [Y/n] 输入"Y" for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] 对于剩余的测试，您想要包括所有针对“MySQL”扩展提供的级别（1）和风险（1）值的测试吗？[Y/n]  输入"N"

POST parameter 'n' is vulnerable. Do you want to keep testing the others (if any)? [y/N] POST参数'n'是脆弱的。 你想继续测试其他人（如果有的话）吗？[y/N]  输入"N"

do you want to exploit this SQL injection? [Y/n] 你想利用SQL注入？ 输入"Y"