Questions tagged [sqlmap]

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

152 questions
13
votes
1 answer

How to include multiple parameters in sqlmap POST request

I'm using the following command to inject the Username parameter: sqlmap -r Path_Of_Myfile -p UserName It's running well. But there's also a second parameter of Password. How can I also attempt to inject the Password parameters in sqlmap?
Samy
10
votes
2 answers

Understanding SQLMAP payload

I was participating in a CTF and there was a SQL Injection challenge. There is a Wordpress page with a vulnerable plugin parameter (let's call the website https://vulnerable.com/), and the solution comes from leaking values from the database. Using…
Michael Hoefler
9
votes
2 answers

What are the consequences of increasing the "--risk" option of sqlmap?

I use sqlmap to test the services of my company. I tried increasing the value of its --level option, but I do not find clear descriptions of the tests added with an increased --risk value. So, what do risk levels 2 and 3 tests do, and what are the…
tux lu
7
votes
2 answers

What's the best way to test for SQL Injection vulnerabilities? Manual or SQLMap?

As part of my job I test for web application vulnerabilities regularly. When it comes to SQL Injection, my methodology is to start by manually browsing the website and spidering it, then, sending the parameters that I suspect to interact with the…
Mico
7
votes
3 answers

SQLMap: How to dump tables that begin with a specific letter?

I would like to know the command of SQLMap, which permits me to retrieve just tables that begin with a special letter. Example with letter "T": sqlmap.py -u www.website -D database -T tables (...)
6
votes
1 answer

Why would output from sqlmap be trimmed?

I've decided to learn sqlmap but I'm having an issue with sqlmap trimming some of my output, the hash. The hash is about to be 32 characters long but I'm only getting 25 and the warning: [WARNING] possible server trimmed output detected (due to its…
6
votes
1 answer

Using sqlmap and testing parameters inside SEF URL alias

I would like to use sqlmap and set parameters, that are concatenated inside the URL parts. I know that a following URL is possible to track with defining of parameter by putting an asterisk behind the parameter value: sqlmap -u…
pedrouan
6
votes
1 answer

sqlmap load https request using "-r REQUESTFILE Load HTTP request from a file"

I'm testing a site that automatically redirects http request to https. When I'm using Burp I set the target to use https and the request goes through without a problem. However when I use the same request in sqlmap I get a follow redirect. How can I…
Ogglas
6
votes
2 answers

Sqlmap doesn't exploit verified SQL injection

Right now I'm tinkering with the Hackxor VM (a pentesting training environment) and I'm trying to use sqlmap to exploit a vulnerability which I can exploit manually. The vulnerability is in the cookie header 'userid' parameter. The application…
Hidden
5
votes
1 answer

Possible to use sqlmap when URL changes after each request?

I am testing a website login that is constantly changing its URL after each request. The first request does a POST login request to /login?0-1.FormSubmit, the next login attempt has to POST to /login?1-2.FormSubmit, and so forth. Is it possible to…
5
votes
1 answer

sqlmap HTTP 405 error on a vulnerable POST parameter

For academical purposes I need to explode a blind sql injection on a form parameter which is sent using the POST method. The form is very simple, it just has an input text box where to introduce the name of a user and a submit button, the output…
Toni
5
votes
1 answer

SQLmap injection not working, manually it works fine

I have built a vulnerable web application to demonstrate SQL injection. I want to show both manual injection and automated injection. The injection requires a) the user to be logged in (session cookie), b) a user SSL certificate and c) a PREFIX. My…
amlwwalker
4
votes
1 answer

How do I use sqlmap to dump the OWASP Juice Shop schema?

I cannot seem to get sqlmap to successfully exploit and retrieve schema information from OWASP's deliberately vulnerable Juice Shop web application. I've tried to be very specific in my sqlmap command line options to help it along, but it still…
jkeeler
4
votes
1 answer

Using sqlmap --crawl without asking questions

I'm using sqlmap with --crawl option. Whenever a URL is found, it asks me whether to scan it GET http://127.0.0.1:80/demo/sqli.php?id=1 do you want to test this URL? [Y/n/q] How should I ask sqlmap to test all URLs without asking? P.S SQLmap also…
daisy
4
votes
1 answer

Trying to tunnel a reverse shell out of an internal network

I am practicing performing a pentest and getting stuck trying to get an interactive reverse shell from an internal machine to my attacker machine. This is what I have done so far: Me(attacker): 67.67.67.67 (some public ip) Web app (victim):…