SQL Injection Attack With SQLmap

Harness the power of an automation tool for SQL injection to effortlessly retrieve data from any database or server.

hello Folks!!! it’s a samxia99

My Bio link:-https://beacons.ai/samxia99

Hey everyone! I'm thrilled to introduce an amazing tool that can help you with SQL Injection attacks. Most people don't want to perform SQL injection attacks manually because it takes a lot of time and there's no guarantee of results. SQLmap is the best command line tool for SQL injection attacks.

Note: I won't cover the entire sqlmap, as there are many tutorials available. Instead, I'll focus on teaching you how to execute a SQL injection attack using SQL injection.

Install

sudo apt install sqlmap

How To Use

SQLmap is a command line tool. we can see all functions of sqlmap using man sqlmap. First, let’s get the target to perform an SQL attack.

• Here as a target, I’m using vulnweb.com by Acunetix Target=http://testphp.vulnweb.com/

here search bit we need to find the attack link we can also find the attack link by this method:

site:http://testphp.vulnweb.com/ php?id=

we can use the site and php id to find the target link here we can see some results there we can have an id parameter in the URL.

How To Get Attack Link

http://testphp.vulnweb.com/AJAX/infoartist.php?id=1

After finding the attack link, we can now start performing the attack. First, we need to find the database, then the table and columns to access the data.

How To Find Database

we can use this command:

sqlmap -u http://testphp.vulnweb.com/AJAX/infoartist.php?id=1 --dbs

• --dbs Enumerate DBMS databases
• -u Target URL

Note:- If you find the database you can skip the payload of DBMS. and Do all remaining tests.