How to Use SQLMap to Find SQL Injection Vulnerabilities
SQLMap is an open-source tool that automatically finds and exploits SQL injection vulnerabilities. You can use it to test web applications for SQL injection and gain access to a vulnerable database. For those who don’t know, SQL injection is a web hacking technique in which the attacker inserts malicious code into an SQL statement. Once the attacker takes control of the database, they can run malicious SQL queries against the vulnerable website and retrieve, edit or delete the tables. SQLMap can generate and execute these queries automatically.
Install SQLMap
You can install SQLMap on Debian-based Linux systems using the following command:
apt install sqlmap
How to Use SQLMap
To use SQLMap, you need to identify a website that is vulnerable to SQL injection. In my case, I will use a website that is intentionally vulnerable to web attacks:
http://testphp.vulnweb.com/showforum.asp?id=1
The simplest way to check if a website is vulnerable to SQL injection is to look for URLs that end in “php?id=number” or “id=number”.
Let’s assume a website lists information using an id parameter — for example, website.com/page.php?id=1.
This URL can be passed as input to SQLMap, which will automatically scan the site to see whether it is vulnerable to SQL injection.
Next, use the following command on your Linux system:
sqlmap -u "http://testphp.vulnweb.com/showforum.asp?id=1" --dbs
This command scans the target website and lists the available databases.
The -u flag specifies the target URL (quoted so the shell does not interpret the ? character), and the --dbs option tells SQLMap to try to enumerate the databases.
I get the following output showing that there are seven available databases.
Retrieve the Database Tables
Now let’s search for tables in the acublog database with the following command:
sqlmap -u "http://testphp.vulnweb.com/showforum.asp?id=1" --tables -D acublog
Now you can see the database tables.
List Information from a Specific Table
If you want to view the columns of a particular table, you can use the following command:
sqlmap -u "http://testphp.vulnweb.com/showforum.asp?id=1" --columns -D acublog -T users
Dump the Information from the Columns
The last step is to dump and crack the password from the users table using the following command:
sqlmap -u "http://testphp.vulnweb.com/showforum.asp?id=1" --dump -D acublog -T users
Here you can see the username “admin” and the password “none”.
Video
Here is a basic and advanced SQL injection video tutorial, explained and demonstrated by Loi Liang Yang, ethical hacker, penetration tester and cybersecurity consultant.
Conclusion
SQLMap is a powerful tool that helps you find SQL injection vulnerabilities. It is important for web developers to be familiar with SQLMap for defending against SQL injection attacks.
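On the defensive side, the example below (added here, not part of the original article) shows why an id parameter like the one scanned above is injectable when it is concatenated into a query, and how validation plus a bound parameter closes the hole. The forum table, its rows and the function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forum (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO forum VALUES (?, ?)",
                   [(1, "General"), (2, "Support"), (3, "Staff only")])
    return db

def show_forum_vulnerable(db, raw_id):
    # Vulnerable: the request value is pasted into the SQL text, so the
    # database parses whatever the client sent as part of the statement.
    query = "SELECT id, title FROM forum WHERE id = " + raw_id
    return db.execute(query).fetchall()

def show_forum_parameterized(db, raw_id):
    # The value is bound as a parameter: it travels as data and is never
    # parsed as SQL, so extra operators in it cannot change the query.
    return db.execute("SELECT id, title FROM forum WHERE id = ?",
                      (raw_id,)).fetchall()

def show_forum_hardened(db, raw_id):
    # Defence in depth: reject anything that is not a plain ASCII integer,
    # then still use the parameterized query.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return show_forum_parameterized(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed input: a condition that is always true
    print("vulnerable, id=1:       ", show_forum_vulnerable(db, "1"))
    print("vulnerable, tampered:   ", show_forum_vulnerable(db, tampered))
    print("parameterized, tampered:", show_forum_parameterized(db, tampered))
    try:
        show_forum_hardened(db, tampered)
    except ValueError as exc:
        print("hardened, tampered:      rejected:", exc)
```

The concatenated version returns every row for the tampered value, which is the behaviour a scanner such as SQLMap detects; the parameterized version returns nothing for it and the hardened version rejects it before the database is touched.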
Thank you for reading!