sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
So let's see how to use it.
Let's start with installation.
FOR WINDOWS:
The official sqlmap website provides a zip file. Click on it to download it.
Extract it into a directory of your choice; you should now have a Python file named sqlmap.py.
If you already have Python installed on your machine, continue and run it from the command line: python3 <path_to_sqlmap.py> <required_parameters>
FOR LINUX:
Most Linux machines already have sqlmap preinstalled.
If not, type the following command in your terminal:
$ sudo apt install sqlmap
Now we have everything, so let's get into it.
Most SQL-based attacks are UNION attacks. This type of attack happens mainly where there are forms.
A form will use either the GET or the POST method, and this tool works well with both.
GET:
The GET method has a query at the end of the URL in the form /?q= where q can be anything, and that depends on the HTML and PHP of the input element. We have to provide a command such as:
sudo sqlmap -u <url_along_with_query_part> <and your required tables or databases>
POST:
The POST method sends its data to the host machine in the request itself rather than in the URL. For this we have to use:
sudo sqlmap -u <url> --data <parameters> --method POST
Finding the data is sometimes another challenge. For this we can use Burp Suite, another tool, which intercepts the data that is being sent. Let's learn about this in another post.
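Seen from the server side, the GET testing described above leaves traces in the web access log. The following is an added example, not part of the original post: it flags log lines that carry sqlmap's default User-Agent or a UNION SELECT pattern in the decoded query string. The log lines, IP addresses and the /search endpoint are constructed for illustration; POST data does not appear in a standard access log, so it is out of scope here.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Combined-log-format line: request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# sqlmap's default User-Agent starts with "sqlmap/" unless the operator overrides it.
UA_RE = re.compile(r"\bsqlmap/", re.I)
# UNION-based probing in a decoded query string (whitespace or comments between keywords).
UNION_RE = re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select\b", re.I | re.S)

def classify(line):
    """Return (ip, reasons) for one access-log line; reasons is empty if clean."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None, ["unparsed"]
    reasons = []
    if UA_RE.search(m["ua"]):
        reasons.append("sqlmap-user-agent")
    query = urlsplit(m["target"]).query
    # Decode twice so double-encoded values are also inspected.
    decoded = unquote_plus(unquote_plus(query))
    if UNION_RE.search(decoded):
        reasons.append("union-select-in-query")
    return m["ip"], reasons

def scan(lines):
    """Map each source IP to the set of reasons it was flagged for."""
    hits = {}
    for line in lines:
        ip, reasons = classify(line)
        if ip and reasons:
            hits.setdefault(ip, set()).update(reasons)
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical /search endpoint).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /search?q=shoes HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=1%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /search?q=credit+union+selection HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reasons in sorted(scan(SAMPLE).items()):
        print(ip, sorted(reasons))
```

The User-Agent check only catches a default configuration, which is why the query-string check runs independently of it.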
--by partheev
THANK YOU
👍
Good writeup
Most helpful