
Introduction to SQLmap

SQLmap is a popular open-source penetration testing tool that makes it easier to find and exploit SQL injection flaws in web applications. Since its creation in 2006, it has become one of the best-known tools in web security. SQL injection (SQLi) is an attack that lets an attacker tamper with the queries that a program sends to its database. If successful, it can lead to data corruption, unauthorized access to private information, and other serious consequences.

What is SQLmap?

SQLmap is an open-source program that automates finding and exploiting SQL injections. It is a very feature-rich tool that, under the right circumstances, can compromise the SQL server.

Before continuing, it’s crucial to understand that SQLmap can produce a lot of traffic and that using it without permission from the system owner is prohibited.

Where can you use SQLMAP?

A website may be susceptible to this type of SQL injection if you come across a URL like http://testphp.vulnweb.com/artists.php?artist=1, where artist=1 is the ‘GET’ argument. This could allow an attacker to access data stored in the database. SQLMAP also works when the site is PHP-based.


To see whether your website is susceptible, you can replace the value in the GET request parameter with an asterisk (*).

If this leads to an error, we can declare with certainty that the website is susceptible.
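Why a stray character in the artist parameter produces a database error, and what the fix looks like, as an added example (not code from this article or from the test site). It uses Python's sqlite3 with constructed rows; the artist_id column and all function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data; 'artist_id' is an assumed column name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT)")
    db.executemany("INSERT INTO artists VALUES (?, ?)",
                   [(1, "Artist One"), (2, "Artist Two"), (3, "Artist Three")])
    return db

def lookup_concat(db, artist):
    # Vulnerable: the request value becomes part of the SQL text itself,
    # so a stray character breaks the syntax and extra SQL changes the query.
    sql = "SELECT aname FROM artists WHERE artist_id = " + artist + " ORDER BY artist_id"
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, artist):
    # Hardened: the SQL text is fixed; the value is bound as data only.
    sql = "SELECT aname FROM artists WHERE artist_id = ? ORDER BY artist_id"
    return [row[0] for row in db.execute(sql, (artist,))]

def outcome(lookup, db, value):
    """Return ('rows', [...]) or ('db-error', message) for one request value."""
    try:
        return ("rows", lookup(db, value))
    except sqlite3.Error as exc:
        return ("db-error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "*", "1 OR 1=1"):  # constructed request values
        print(repr(value),
              outcome(lookup_concat, db, value),
              outcome(lookup_param, db, value))
```

With the concatenated query, the asterisk surfaces as a database syntax error and the third value returns every row; with the bound parameter, both are compared as plain data and match nothing.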

Installing SQLmap

The majority of penetration testers prefer Kali Linux, which comes with SQLMAP pre-installed. On other Debian-based Linux systems, you can install SQLmap with the following command:

sudo apt-get install sqlmap


Usage

For demonstration purposes, this article uses a website that is intentionally built with vulnerabilities:

http://testphp.vulnweb.com/artists.php?artist=1

You can see that the URL carries a GET request parameter (artist=1) whose value the user can modify. This means that this kind of SQL injection could be possible for this website.

We use SQLMAP to test for this. Enter the following in the terminal to view the set of arguments that can be passed:

sqlmap -h 


The graphic above displays the parameters that we will use for the simple SQL Injection. In addition to them, we’ll also use the --dbs and -u parameters, whose use was covered in Step 

Using SQLMAP to test a website for SQL Injection vulnerability: 

Step 1: List information about the existing databases
First, we list the details of the existing databases. To do so, we give the URL of the site we wish to check with the -u argument. If we want to test the website through proxies, we can also use the --tor argument. Normally, the first thing we want to find out is whether access to a database is possible. To do this, we use the --dbs option, which lists all of the accessible databases.

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs


Step 2: List information about Tables present in a particular Database
To attempt to access one of the databases, the command needs to be altered slightly. The name of the database we want to access is specified with -D, and once we have access to the database, we want to check whether we can access its tables. We use the --tables query for this. Let us access the acuart database.

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables


The output shows that eight tables have been retrieved. We can now be certain that the website is vulnerable.

Step 3: List information about the columns of a particular table 

The following command can be used to inspect the columns of a specific table; the table name is specified with -T, and the column names are queried with --columns. Our goal is to access the “artists” table.

sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists --columns


Step 4: Dump the data from the columns 

Similarly, we can use the following command to get the data in a particular column. The --dump query retrieves the data, and -C allows us to specify multiple column names separated by commas.

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T artists -C aname --dump
