Introduction:- sqlmap is a Python-based, open-source penetration testing tool. It is the most powerful SQL injection automation tool and comes preinstalled in Kali Linux. It works against both local and remote database servers. sqlmap helps to dump the database columns, tables and all files in the remote server database as the user chooses, and it can also read and write database files under certain conditions. sqlmap uses six injection techniques: UNION query-based, boolean-based blind, time-based blind, error-based, stacked queries and out-of-band SQL injection. It works on both GET and POST parameters.
In this tutorial I am just going to dump the username and password of the vulnerable application from the database server through a GET parameter.
Lab Environment :-
- Kali Linux
- Testing Site (Acunetix web application)
Now I will try manually with two different IDs in the URL:-
First I tried to break the query with a single quote (') in artists.php?artist=1 and artists.php?artist=3, and I successfully broke both IDs with the same result. So the ID value does not matter; we need to find a GET or POST parameter to do SQL injection.
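Why the single quote breaks the page for every ID, and how a bound parameter closes the hole, shown as an added example that is not from the original tutorial or the test site's code. It uses Python's sqlite3 as a stand-in for the site's PHP and database; the table, rows and function names are constructed assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the site's database; schema and rows are invented.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO artists VALUES (?, ?)",
                   [(1, "artist one"), (2, "artist two"), (3, "artist three")])
    return db

def lookup_concatenated(db, artist):
    # Vulnerable pattern: the GET value is pasted into the SQL text,
    # so every character in it becomes part of the statement.
    sql = "SELECT name FROM artists WHERE artist_id = " + artist
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A database error reaching the response is what the quote test observes.
        return ("sql-error", str(exc))

def lookup_parameterized(db, artist):
    # Hardened pattern: validate the expected type, then bind the value as data.
    if not re.fullmatch(r"[0-9]{1,9}", artist):
        return ("rejected", [])
    rows = db.execute("SELECT name FROM artists WHERE artist_id = ?",
                      (int(artist),)).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    # Same inputs as the manual test above: two IDs, each with and without a quote.
    for value in ("1", "3", "1'", "3'"):
        print(repr(value), lookup_concatenated(db, value)[0],
              lookup_parameterized(db, value)[0])
```

The concatenated lookup fails the same way for both IDs because the quote changes the statement itself, while the parameterized lookup never lets the value reach the SQL parser.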
Step 1:- I opened the vulnerable web application (testphp.vulnweb.com) and looked for a GET parameter, and I found one in the "Browse Artists" block. The ID can be anything; we don't need to care about it. We have to find the GET parameter in case of doing manual injection on the site.
Step 2:- In Kali Linux, run the sqlmap -h command for help. It helps us with further enumeration.
Step 3:- Use -u for the URL (http://testphp.vulnweb.com/artists.php?artist=1) and --dbs to fetch the database names from the server.
Here is the list of database names (acuart and information_schema).
Step 4:- After the database name, we need to find the table names in the database server. --tables -D acuart is the command to fetch the tables from the database acuart.
Here is the list of tables fetched from the database acuart.
Step 5:- Now fetch the columns from the table named user in the database acuart.
Here is the list of columns.
Step 6:- Now run the command for dumping the column data.
Here is the dumped data; we successfully got the username and password of the web application.