Thursday, September 15, 2011

HOWTO : Official SQLMap video demonstration 3

*** Do NOT attack any computer or network without authorization or you may be put into jail. ***

Credit to : Bernardo

This is Bernardo's work, not mine. I re-post it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.

Original link is here.



Demonstration of the granularity of sqlmap's options, with verbose output: sqlmap is launched against an ASP test page hosted on a Microsoft Windows 2003 server, with Microsoft SQL Server 2005 as the back-end database management system.

The tool is instructed to identify possible SQL injections and exploit them by dumping only the second and third entries of the surname column of the users table in the testdb database.

Command

python sqlmap.py -u "http://172.16.213.131/sqlmap/mssql/iis/get_str2.asp?name=luther" --dump -T users -C surname -D testdb --start 2 --stop 3 -v 2
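The injection point in this demonstration is the string GET parameter name. As an added example (not from the original post, the video, or sqlmap itself), the sketch below shows why such a parameter is injectable when it is concatenated into the query and how a bound parameter closes the hole. It assumes a hypothetical lookup behind the test page and uses SQLite with constructed rows in place of SQL Server 2005 so that it runs offline.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the users table; the surnames are made up."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, surname TEXT)"
    )
    db.executemany(
        "INSERT INTO users (id, name, surname) VALUES (?, ?, ?)",
        [(1, "luther", "alpha"), (2, "fluffy", "bravo"), (3, "wu", "charlie")],
    )
    return db


def lookup_vulnerable(db, name):
    # Before: the request value is pasted into the SQL text, so a quote in
    # `name` closes the string literal and the remainder is parsed as SQL.
    query = (
        "SELECT surname FROM users WHERE name = '" + name + "' ORDER BY id"
    )
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, name):
    # After: the value is bound as data; the SQL text is fixed, so quotes
    # in `name` are compared literally and never reach the parser as syntax.
    query = "SELECT surname FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (name,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("vulnerable, normal :", lookup_vulnerable(db, "luther"))
    print("vulnerable, crafted:", lookup_vulnerable(db, crafted))
    print("bound, normal      :", lookup_parameterized(db, "luther"))
    print("bound, crafted     :", lookup_parameterized(db, crafted))
```

With the bound parameter, the crafted value matches no row, while the concatenated query returns every surname in the table.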

That's all! See you.