What Is SQLMap?

SQLMap is an open-source tool that finds SQL injections and exploits those vulnerabilities automatically. All of the parameters used in SQLMap are important. In this article, we'll talk about some of these parameters and give examples.

Basic Usage Examples

First, let's see examples of some basic and common parameters.
URL Parameter: This parameter is the most popular one. As you can see below, it passes the target URL to SQLMap.
After this command runs, if the URL is vulnerable, SQLMap reports the type of vulnerability, the name of the DBMS (Database Management System) used by the system, the server version, and the web application language.
DBS Parameter: We found a vulnerability. What do we do now? Now it is time to list the current databases by using the --dbs parameter.
-D -T -C Parameters: We have listed the current databases. Now we need the table names. To get them, we use the --tables parameter. We also have to specify the name of the database, which is what the -D parameter does.
We have the table names. Now we move on to the columns.
The column names will probably give you hints that lead to the administrator name and password. Now we need the data inside the specified column. We get it by using --dump.
Note: To pull data from the database, we must be sure that the database user has the necessary permissions.
Permission Control

As we said above, the database user we are connected as must have the necessary permissions for the commands to return results. There are a few parameters that we can use to check this.
To list the database users' usernames, use --users.
For their passwords, use --passwords.
For user permissions, use --privileges.
For user roles, use --roles.
To learn the permissions of a specific user, add the username after the -U parameter. If we don't add a username after -U with the permission control parameters, SQLMap shows the current user's permissions. One last thing: we can check whether the user is a DBA (Database Admin) by using the --is-dba parameter. The check returns "True" or "False".
Then SQLMap will ask whether you want to test the form. If you say yes, it will ask you to edit the POST data.
URI vs URL in Short

A URI (Uniform Resource Identifier) is a unique sequence of characters that identifies a logical or physical resource used by web technologies. URIs may be used to identify anything.
A Uniform Resource Locator (URL), colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.
URI Syntax: scheme://domain:port/path?query_string#fragment_id
Tor Parameter: This one is simple too. You must have Tor Browser or the Tor Bundle on your system to use it. Use --tor to use Tor, --tor-proxy to use the Tor proxy, --tor-type to specify the proxy type, and --tor-port to specify the port.
After a long wait, we can see that our test target has boolean-based blind and AND/OR time-based blind SQL injection vulnerabilities. SQLMap has also started finding database names.
Note: If you increased the Risk and Level values, use the --threads parameter to make progress faster. We can also see the remaining time by using the --eta parameter.
Note: Check the XML files in sqlmap/xml/payloads to see which tests SQLMap performs.
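To show what a boolean-based blind finding like the one above means in application code, and how to fix it, here is an added example that is not part of the original article. The products table, the sample rows and all function names are assumptions made up for the illustration; SQLite stands in for the target DBMS.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "keyboard"), (2, "mouse")])
    return db

def page_vulnerable(db, item_id):
    # Weak: the request value becomes part of the SQL text itself.
    query = "SELECT name FROM products WHERE id = " + item_id
    row = db.execute(query).fetchone()
    return row[0] if row else "not found"

def page_hardened(db, item_id):
    # Fix: validate the type, then bind the value as a parameter.
    try:
        value = int(item_id)
    except ValueError:
        return "bad request"
    row = db.execute("SELECT name FROM products WHERE id = ?",
                     (value,)).fetchone()
    return row[0] if row else "not found"

def follows_injected_condition(page, db):
    """True when the page content tracks an appended true/false condition,
    which is the symptom a boolean-based blind test reports."""
    baseline = page(db, "1")
    when_true = page(db, "1 AND 1=1")
    when_false = page(db, "1 AND 1=2")
    return when_true == baseline and when_false != baseline

if __name__ == "__main__":
    db = make_db()
    for page in (page_vulnerable, page_hardened):
        print(page.__name__, follows_injected_condition(page, db))
```

The same check can be run against your own query helpers in a unit test, so a regression back to string concatenation fails the build.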
Tamper Parameter and WAF/IPS/IDS Bypass

If you get this message, it means there is an input validation mechanism in place:
It could be a WAF (Web Application Firewall), an IPS (Intrusion Prevention System) or an IDS (Intrusion Detection System). We can bypass them by using the --tamper parameter with the right scripts. You can search online to see which script best suits your target's database. To do a detailed manual WAF test, use the --identify-waf parameter.