SQLmap

Automate SQL Injections

Documentation

https://github.com/sqlmapproject/sqlmap/wiki/Usage

From Request - HTTP:80

sqlmap -r http.request -p param1 --level=5 --risk=3 --proxy=http://127.0.0.1:8080 

From Request - HTTPS:443

sqlmap -r http.request --force-ssl -p param1 --level=5 --risk=3 --proxy=http://127.0.0.1:8080 

Alternatively, the http.request file needs to contain the special HTTP header Host: server:443

URL target & Parameters

sqlmap -u http://domain?id=1 -p id

You can read the HTTP request from a file.

sqlmap -r ./sql.req

# where sql.req is an HTTP request; use * to mark the parameter to inject
# for example:
GET /path/to/username*

HTTP Proxy

sqlmap --proxy=http://127.0.0.1:8080 

Databases

The most common DBMSs are shown below; for the remaining ones, see --dbms in the sqlmap wiki.

--dbms=mssql|mysql|postgresql|oracle

Base64 Encoding

By default, sqlmap URL-encodes values in the query string. When you need the payload encoded with Base64 instead, use the following switch with the parameter name:

sqlmap -u domain?p1=value --base64=p1
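Why a Base64-wrapped parameter such as p1 is still worth testing, shown from the server side as an added example (not part of the original page or of sqlmap): the handler decodes the value before it reaches SQL, so the encoding gives no protection, while binding the decoded value does. The function names, the users table and the sample inputs are assumptions constructed for illustration.

```python
import base64
import binascii
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",), ("carol",)])
    return db


def decode_p1(p1_b64):
    """Strictly decode the Base64 parameter; reject anything malformed."""
    try:
        return base64.b64decode(p1_b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("p1 is not valid Base64-encoded UTF-8") from exc


def lookup_vulnerable(db, p1_b64):
    """Decoded value is concatenated into the statement: injectable."""
    name = decode_p1(p1_b64)
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, p1_b64):
    """Decoded value is bound as data and can never change the statement."""
    name = decode_p1(p1_b64)
    return [row[0] for row in db.execute("SELECT name FROM users WHERE name = ?", (name,))]


def b64(text):
    """Helper that encodes a constructed sample value the way a client would."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    db = make_db()
    benign = b64("alice")
    tautology = b64("x' OR '1'='1")  # constructed test input
    print(lookup_vulnerable(db, benign), lookup_vulnerable(db, tautology))
    print(lookup_hardened(db, benign), lookup_hardened(db, tautology))
```
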

HTTP method - DELETE

sqlmap --method=DELETE -u http://domain -p param1
