44 lines
1.1 KiB
Markdown
44 lines
1.1 KiB
Markdown
|
# SQLmap
|
||
|
|
|
||
|
|
|
||
|
|
* [sqlmap](https://github.com/sqlmapproject/sqlmap.git)
|
||
|
|
* [CheatSheet](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
|
||
|
|
* [Examples](https://www.security-sleuth.com/sleuth-blog/2017/1/3/sqlmap-cheat-sheet)
|
||
|
|
|
||
|
|
## Usage
|
||
|
|
|
||
|
|
* Use `-r` with a saved HTTP request
|
||
|
|
```sh
|
||
|
|
sqlmap -r request.txt --dbms=mysql --dump
|
||
|
|
sqlmap -r request.txt --batch
|
||
|
|
```
|
||
|
|
* Select form data automatically
|
||
|
|
```sh
|
||
|
|
sqlmap -u http://<target-IP>/site.php --forms --dump-all
|
||
|
|
```
|
||
|
|
* [Get reverse shell via sqlmap](https://www.hackingarticles.in/shell-uploading-in-web-server-using-sqlmap/)
|
||
|
|
|
||
|
|
|
||
|
|
|Parameter|Details|
|
||
|
|
|-r|Uses the intercepted request save as a file|
|
||
|
|
|--dbms|DBMS of target|
|
||
|
|
|--dump|Dump the entire database|
|
||
|
|
|--dump-all|Dump everything|
|
||
|
|
|-p |TESTPARAMETER|
|
||
|
|
|--os-shell|Prompt for an interactive operating system shell|
|
||
|
|
|--os-pwn|Prompt for an OOB shell, Meterpreter or VNC|
|
||
|
|
|--tables|Show tables|
|
||
|
|
|-T|Specify table|
|
||
|
|
|
||
|
|
## Other Tools
|
||
|
|
|
||
|
|
### Damn Small SQLi Scanner (DSSS)
|
||
|
|
* [Script](https://github.com/stamparm/DSSS.git)
|
||
|
|
```sh
|
||
|
|
python dsss.py -u "http://example.com/index.php?id="
|
||
|
|
```
|
||
|
|
|
||
|
|
### Online sqlmap
|
||
|
|
* [Link](https://suip.biz/?act=sqlmap)
|
||
|
|
|