Penetration Testing Bootcamp by Jason Beltrame

SQL Injection fun with Sqlmap

SQLmap is a penetration testing tool used for detecting and exploiting SQL injection flaws. Once a flaw has been exploited, it can perform a range of actions against the database through various switches, including fingerprinting, listing the databases, listing the tables within those databases, and even dumping the full database. It supports all the major database vendors out there and has full support for six different SQL injection techniques. For more information, check out http://sqlmap.org. Now, let us test our application for a SQL injection flaw and, if we find one, perform some tests to grab some data.

First, we need to grab the session ID. I will accomplish this similar to how I did it with wfuzz. First, I ...
