
SQL injection using SQLMAP

By: Danilo Vezzoni
December 13, 2012 | Topic: Python, Quality Assurance, SQLMAP

SQL injection

sqlmap is open source and requires only a Python installation to run.

It fully supports MySQL, Oracle, PostgreSQL and Microsoft SQL Server. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.

This powerful tool is driven from the command line. Next we will look at the commands most frequently used to extract data from a web site.

For this guide, I will use BackTrack, which ships with sqlmap already installed. You can find it in:

Applications  >>  Backtrack  >>  Exploitation Tools  >>  Web Exploitation Tools  >>  sqlmap

When running it, you will see something like this:

For this tutorial I have prepared a vulnerable site. The first step is to find a section to inject. I will use the following:

http://127.0.0.1/web/product.php?id=7

To find out whether the site is vulnerable or not, we must generate an error. To do this, I’m going to change the number 7 to a single quote ('). I could have used a negative number or anything. If the site is vulnerable, it should show some kind of error.
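Why the single quote produces an error, and what the fix looks like, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 with a constructed in-memory products table standing in for the tutorial site's database; the function names are hypothetical.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's product table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(7, "widget"), (8, "gadget")])
    return db


def lookup_vulnerable(db, raw_id):
    """Concatenates the id parameter into the SQL text, as a vulnerable page does."""
    sql = "SELECT name FROM products WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The raw database error reaches the response: this is the
        # "some kind of error" that the single-quote check relies on.
        return "DB error: %s" % exc
    return row[0] if row else "not found"


def lookup_hardened(db, raw_id):
    """Validates the id, binds it as a parameter, and hides error details."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "not found"
    try:
        # The value travels separately from the SQL text, so it can never
        # change the structure of the query.
        row = db.execute("SELECT name FROM products WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        return "not found"  # log the details server-side, not in the page
    return row[0] if row else "not found"


if __name__ == "__main__":
    db = make_db()
    for value in ("7", "'"):
        print(repr(value), "->", lookup_vulnerable(db, value),
              "|", lookup_hardened(db, value))
```

With the hardened lookup the quote gives the same response as any unknown product, so neither the manual check nor an automated scanner has an error to work from.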

Once we’ve found where we want to do the injection, we run the following command to get the names of the databases of the site:

python sqlmap.py -u "http://127.0.0.1/product.php?id=7" --dbs

Now we have the database name, which is smartene_SEH.

Then we’ll look up the table names. To do that, we run a similar command with some extra parameters:

python sqlmap.py -u "http://127.0.0.1/product.php?id=7" -D smartene_SEH --tables

Finally, to dump a table and get its information, we need to run the following command:

python sqlmap.py -u "http://127.0.0.1/product.php?id=7" -D smartene_SEH -T usuarios --dump

As a result, we’ll get the data of that table:

That’s all there is to it!

 
