SQL Injection Tools
Database Dump using SQLmap
SQLmap is a popular tool for validating a SQL injection vulnerability and exploiting it. It checks for the various flaws described in the previous sections and then offers the option to exploit them.
Two important parameters are passed to the command:
-p: the parameter that can be exploited for SQL injection
--dbms: the type of database
The above command dumps all the information from the database.
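From the defender's side, a scan aimed at one chosen parameter leaves a recognisable trail in web server logs. The following is an added example, not part of the original page: it flags clients by sqlmap's default User-Agent string and by repeated SQL-metacharacter values sent to a single parameter. The log lines, the find_scanners name and the min_hits threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
198.51.100.23 - - [10/Mar/2024:10:05:00 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:05:01 +0000] "GET /item.php?id=1%27 HTTP/1.1" 500 87 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:05:01 +0000] "GET /item.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:10:05:02 +0000] "GET /item.php?id=1%20AND%201%3D2 HTTP/1.1" 200 140 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:07:00 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:07:30 +0000] "GET /item.php?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)
# Characters that rarely belong in an ID-style parameter but are common in SQL probes.
SQL_META = re.compile(r"['\"();]|--|\s")


def find_scanners(log_text, min_hits=3):
    """Map client IP -> set of reasons it looks like an automated SQLi scanner."""
    reasons = defaultdict(set)
    probes = defaultdict(set)  # (ip, path, param) -> distinct suspicious values
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, target, agent = m.groups()
        if "sqlmap" in agent.lower():
            reasons[ip].add("sqlmap user-agent")
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_META.search(value):
                probes[(ip, url.path, name)].add(value)
    # The User-Agent is client-controlled, so also flag repeated probing of one parameter.
    for (ip, path, name), seen in probes.items():
        if len(seen) >= min_hits:
            reasons[ip].add(f"{len(seen)} suspicious values for {path}?{name}")
    return dict(reasons)


if __name__ == "__main__":
    for ip, why in sorted(find_scanners(SAMPLE_LOG).items()):
        print(ip, "->", ", ".join(sorted(why)))
```

The metacharacter heuristic will also match free-text parameters such as search boxes, so apply it to ID-style parameters or raise min_hits for endpoints that accept prose.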
Remote Shell Through SQLmap
It is possible to exploit the remote shell vulnerability a database might possess through SQLmap using the following command,