O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Dumping the data – in an error-based scenario

Let's go back to the previously discussed example, and now we shall exploit the vulnerability using the error-based technique of SQLMap to list the database user and list of databases as follows:

./sqlmap.py -u http://192.168.50.2/Less-1/?id=2 --current-user

The output is shown in the following screenshot:

Dumping the data – in an error-based scenario

Impressive! The current database user pointed out by SQLMap is root.

Now let us print the list of databases present using --dbs switch as follows:

./sqlmap.py -u http://192.168.50.2/Less-1/?id=2 --dbs

The output is shown in the following screenshot:

Once we have the list of databases available, it may be ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required