SQLmap

1,727 views

Published on

Overview of SQLmap and it's settings

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,727
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
37
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

SQLmap

  1. 1. SQLMap
  2. 2. Options • -v • -h
  3. 3. Target: • • • • -d DIRECT -u URL -r REQUESTFILE -l LIST
  4. 4. Requests: • --data=DATA • --cookie=COOKIE • --scope=SCOPE
  5. 5. Injection • • • • • • -p PARAMETER --dbms=DBMS --os=OS --prfix=PREFIX --suffix=SUFFIX --tamper=TAMPER
  6. 6. $query = “SELECT * FROM users WHERE id=(‘ ”.$_GET*‘id’+.” ’) LIMIT 0, 1”; Sqlmap –u URL –p id –prefix “’)” –suffix “AND (‘abc’=abc” $query = SELECT * FROM users WHERE id=(‘1’) <PAYLOAD> AND (‘abc’=‘abc’) LIMIT 0,1”;
  7. 7. Detection: • • • • --level=LEVEL (1-5) --risk=RISK (0-3) --string=STRING --regex=REGEX
  8. 8. Enumeration • • • • • • • • • • • --current-user --current-db --users --passwords --dbs --tables --columns --dump (all) --replicate --search --sql-query=SQLQUERY
  9. 9. Enumeration (cont) • • • • -D DB -T TABLES -C COLUMNS --file-read=FILE
  10. 10. General • • • • -s SESSIONFILE --flush-session --update --save

×