Using SQLMAP to test a website for a SQL Injection vulnerability

These are the main steps we can follow to obtain all information about a database that is behind a SQL injection vulnerability:

Step 1: List information about the existing databases

First, we pass the web URL that we want to check with the -u parameter. We may also use the --tor parameter if we wish to test the website using proxies. Typically, we first want to test whether it is possible to gain access to a database. For this task we can use the --dbs option, which lists all the available databases.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

Running the previous command shows that there are two available databases, acuart and information_schema.

Sometimes, sqlmap will tell you that it has identified the database and ask whether you want to test other database types. You can go ahead and type 'Y'. It may also ask whether you want to test other parameters for vulnerabilities; type 'Y' here too, as we want to thoroughly test the web application.

Step 2: List information about Tables present in a particular Database

To try to access any of the databases, we have to modify our command. We now use -D to specify the name of the database that we wish to access, and once we have access to the database, we want to see whether we can access the tables.

For this task, we can use the --tables option to list the tables of the acuart database:

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables

The output shows that eight tables have been recovered. In this way, we definitely know that the website is vulnerable.

Step 3: List information about the columns of a particular table

If we want to view the columns of a particular table, we can use the following command, in which we use -T to specify the table name and --columns to query the column names.

This is the command we can try to access the 'users' table:

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --columns

Step 4: Dump the data from the columns

Similarly, we can access all information in a specific table by using the following command, where the --dump option retrieves all the data from the users table:

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --dump

The output shows that we have accessed the data in the database.
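
Seen from the defender's side, the four steps above leave a recognizable trail in the web server's access log. The following is an added example, not part of the original text: it scans combined-format log lines for sqlmap's default User-Agent and for SQL keywords in decoded query parameters. The log lines, IP addresses and the function names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [10/Mar/2024:10:00:05 +0000] "GET /listproducts.php?cat=1%20AND%204512%3D4512 HTTP/1.1" 200 5120 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.9 - - [10/Mar/2024:10:00:06 +0000] "GET /listproducts.php?cat=1%20UNION%20ALL%20SELECT%20NULL%2Cschema_name%20FROM%20information_schema.schemata HTTP/1.1" 200 811 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Combined log format: ip, identity, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Keywords typical of schema enumeration and boolean/time-based probing.
SQLI_RE = re.compile(
    r"\bunion\s+(all\s+)?select\b|\binformation_schema\b|\bsleep\s*\(|"
    r"\b(and|or)\s+\d+\s*=\s*\d+",
    re.I,
)

def classify(line):
    """Return (ip, [reasons]) for a suspicious log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    reasons = []
    # The User-Agent is client-controlled, so its absence proves nothing.
    if "sqlmap/" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if SQLI_RE.search(value):
            reasons.append(f"sqli-pattern:{name}")
    return (m["ip"], reasons) if reasons else None

def scan(log_text):
    """Group the reasons found per client IP."""
    hits = {}
    for line in log_text.splitlines():
        found = classify(line)
        if found:
            hits.setdefault(found[0], set()).update(found[1])
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Keyword matching of this kind is a triage aid for log review; the fix for the vulnerable parameter itself is a parameterized query on the server side.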
