Sqlmap - Getting started

sqlmap is a tool used to enumerate databases. It tries to find injection points in the URL and then tries to exploit them. Let's see how.

I have set up a vulnerable application locally. As you can see, I have given the username as test and the password as qtest in the URL.

1) "-u" is used to state the URL.

2) Refer to the highlighted string.

3) Testing the injectable parameter with different SQL statements: ORDER BY, GROUP BY, etc.

4) Next, the password parameter is tested for being injectable or not. Refer to the highlighted string.

5) Getting to know the SQL injection type (blind, error-based, etc.), the payload, etc.

Uncovering the database names

--dbs is used for getting the database names


Finding the tables inside the information schema database (from the above discovery)

--tables -D information_schema


Finding the columns inside one of the tables(TABLES) discovered above

--columns -D information_schema -T TABLES


Getting the data inside the columns
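
Seen from the server side, the steps above leave recognizable traces in the web access log: ORDER BY / GROUP BY probes in the username and password parameters, references to information_schema, and, unless it has been changed, a User-Agent containing "sqlmap". The following Python script is an added example, not part of the original post; the combined log format, the /login.php path, the rule set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Combined log format: client IP, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed rule set modelled on the probes described in the post; tune per application.
RULES = {
    "order_group_by": re.compile(r"\b(?:ORDER|GROUP)\s+BY\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\b", re.I),
    "boolean_or_union": re.compile(r"\b(?:UNION\s+(?:ALL\s+)?SELECT|AND\s+\d+\s*=\s*\d+)\b", re.I),
}
# Constructed sample log lines (documentation IP ranges, hypothetical /login.php).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login.php?username=test&password=qtest HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /login.php?username=test%27%20ORDER%20BY%203--%20-&password=qtest HTTP/1.1" 200 498 "-" "sqlmap/1.0 (constructed)"',
    '192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /login.php?username=test&password=qtest%27%20AND%205%3D5--%20- HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [01/Jan/2024:10:00:12 +0000] "GET /login.php?username=test%27%20UNION%20ALL%20SELECT%20table_name%20FROM%20information_schema.tables--%20-&password=qtest HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def inspect_line(line):
    """Return (ip, sorted rule hits) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = set()
    if "sqlmap" in m["ua"].lower():
        hits.add("sqlmap_user_agent")
    # parse_qsl percent-decodes each value, so encoded probes are matched in clear text.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        for rule, pattern in RULES.items():
            if pattern.search(value):
                hits.add(f"{rule}:{name}")  # record which parameter carried the probe
    return m["ip"], sorted(hits)

def summarize(lines):
    """Map client IP -> set of rule hits across all of its requests."""
    report = {}
    for line in lines:
        parsed = inspect_line(line)
        if parsed and parsed[1]:
            report.setdefault(parsed[0], set()).update(parsed[1])
    return report

if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG).items():
        print(ip, sorted(hits))
```

A client that hits several rules across both parameters within seconds, as 192.0.2.77 does in the sample, is a much stronger signal than any single match on its own.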



