These are the main steps we can follow to obtain all information about a database that is behind a sql injection vulnerability:
Step 1: List information about the existing databases
Firstly, we have to enter the web url that we want to check along with the -u parameter. We may also use the –tor parameter if we wish to test the website using proxies. Now typically, we would want to test whether it is possible to gain access to a database. For this task we can use the --dbs option, which lists all the available databases.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
With the execution of the previous command, we observe the presence of two databases, acuart ...