September 2018
Intermediate to advanced
426 pages
10h 46m
English
Content preview from Mastering Python for Networking and Security
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Using SQLMAP to test a website for a SQL Injection vulnerability
These are the main steps we can follow to obtain all information about a database that is behind a sql injection vulnerability:
Step 1: List information about the existing databases
Firstly, we have to enter the web url that we want to check along with the -u parameter. We may also use the –tor parameter if we wish to test the website using proxies. Now typically, we would want to test whether it is possible to gain access to a database. For this task we can use the --dbs option, which lists all the available databases.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
With the execution of the previous command, we observe the presence of two databases, acuart ...