listoptions($actiontaskid); // we will actually store it for use in a second... break; case stop: // stop a specified running task id $sqlmap->stopscan($actiontaskid); break; case kill: // forcefully kill a specified running task id $sqlmap->killscan($actiontaskid); break; case del: // delete a specified running task id $sqlmap->deletetaskid($actiontaskid); break; default: // do nothing if nothing is specified... break; } } } }?> sqlmap web gui - admin panel
adminlisttasks(trim($_session['myadminid'])); if(!$tasklist) {?>
[warning] '' - appears to be an invalid admin id!
admin id:
total number of known tasks:
listoptions(trim($_get['task']))['options']), ent_quotes, 'utf-8'); echo '
'; } else { ?> taskid target status options
checkscanstatus($t); $taskconfig = $sqlmap->listoptions($t); echo ; echo ; echo htmlentities($t, ent_quotes, 'utf-8'); echo ; if(sizeof($taskconfig) > 0) { $targethost = parse_url($taskconfig['options']['url'], php_url_host); echo . htmlentities($targethost, ent_quotes, 'utf-8') . ; } else { echo - ; } if(isset($status['status'])) { echo . htmlentities($status['status'], ent_quotes, 'utf-8') . ; } else { echo - ; } echo conf ; if($status['status'] == 'running') { echo stop ; echo kill ; } else { echo - ; echo - ; } echo del ; echo
; } ?>
[warning] no admin id set!
logout
want to learn more about sqlmap, visit the project page!
sqlmap web operator copyright © 2015, coded by: hr, all rights reserved.


这是后台登录首页(index.php)的代码，帐号密码在config.php中写死了，是admin，admin。现在登录后台后，显示[warning] no admin id set!，然后然我输入一串密文token，token密文貌似是
$salt = !sql!; // salt for form token hash generation $token = sha1(mt_rand(1, 1000000) . $salt); // generate csrf token hash $_session['token'] = $token; // set csrf token for form submitverification

是1-1000000加salt的sha1加密，然后我在
[warning] no admin id set!


看到了输出token的语句，在前台查看源代码后，把密文输入，但是还是不行。求解，怎么才能过去？谢谢！！
回复内容： listoptions($actiontaskid); // we will actually store it for use in a second... break; case stop: // stop a specified running task id $sqlmap->stopscan($actiontaskid); break; case kill: // forcefully kill a specified running task id $sqlmap->killscan($actiontaskid); break; case del: // delete a specified running task id $sqlmap->deletetaskid($actiontaskid); break; default: // do nothing if nothing is specified... break; } } } }?> sqlmap web gui - admin panel
adminlisttasks(trim($_session['myadminid'])); if(!$tasklist) {?>
[warning] '' - appears to be an invalid admin id!
admin id:
total number of known tasks:
listoptions(trim($_get['task']))['options']), ent_quotes, 'utf-8'); echo '
'; } else { ?> taskid target status options
checkscanstatus($t); $taskconfig = $sqlmap->listoptions($t); echo ; echo ; echo htmlentities($t, ent_quotes, 'utf-8'); echo ; if(sizeof($taskconfig) > 0) { $targethost = parse_url($taskconfig['options']['url'], php_url_host); echo . htmlentities($targethost, ent_quotes, 'utf-8') . ; } else { echo - ; } if(isset($status['status'])) { echo . htmlentities($status['status'], ent_quotes, 'utf-8') . ; } else { echo - ; } echo conf ; if($status['status'] == 'running') { echo stop ; echo kill ; } else { echo - ; echo - ; } echo del ; echo
; } ?>
[warning] no admin id set!
logout
want to learn more about sqlmap, visit the project page!
sqlmap web operator copyright © 2015, coded by: hr, all rights reserved.


这是后台登录首页(index.php)的代码，帐号密码在config.php中写死了，是admin，admin。现在登录后台后，显示[warning] no admin id set!，然后然我输入一串密文token，token密文貌似是
$salt = !sql!; // salt for form token hash generation $token = sha1(mt_rand(1, 1000000) . $salt); // generate csrf token hash $_session['token'] = $token; // set csrf token for form submitverification

是1-1000000加salt的sha1加密，然后我在
[warning] no admin id set!


看到了输出token的语句，在前台查看源代码后，把密文输入，但是还是不行。求解，怎么才能过去？谢谢！！
你通过post传递 myadminid，但问题是你自己输入的myadminid是应该怎么产生的？
那个token是防止csrf的，不是用来产生myadminid的，至于myadminid应该怎么产生，你应该看看这段代码：
$sqlmap->adminlisttasks(trim($_session['myadminid']));