Thursday, September 15, 2011

HOWTO : Official SQLMap video demonstration 5

*** Do NOT attack any computer or network without authorization, or you may be put in jail. ***

Credit to : Bernardo

This is Bernardo's work, not mine. I am re-posting it here for educational purposes only, because I enjoy his videos very much and I am afraid of losing them.

Original link is here.



Demonstration of sqlmap custom enumeration features: sqlmap is launched against a PHP test page hosted on a Debian GNU/Linux 5.0 server with back-end database management system being Oracle 10.2 Enterprise Edition.

The tool is instructed to identify possible SQL injections and exploit them by spawning a SQL shell where it is possible to provide custom SQL statements to be executed on the back-end database management system. sqlmap analyzes the provided SQL statement, decides which technique to use to execute it and proceeds accordingly.

Command

python sqlmap.py -u "http://172.16.213.131/sqlmap/oracle/get_int.php?id=1" --sql-shell -v 2
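
A defender-side companion to the demonstration above, as an added example that is not part of the original post or of sqlmap: the tested parameter `id` is meant to be an integer, so requests to the page that carry a non-integer `id`, or sqlmap's default `sqlmap/` User-Agent prefix, stand out in the web server's access log. The log lines, client addresses and the function name `flag_requests` are constructed for illustration, and the Apache combined log format is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not from the original page).
SAMPLE_LOG = """\
10.0.0.5 - - [15/Sep/2011:10:00:01 +0000] "GET /sqlmap/oracle/get_int.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [15/Sep/2011:10:00:02 +0000] "GET /sqlmap/oracle/get_int.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/x.y (constructed)"
10.0.0.9 - - [15/Sep/2011:10:00:03 +0000] "GET /sqlmap/oracle/get_int.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/x.y (constructed)"
10.0.0.7 - - [15/Sep/2011:10:00:04 +0000] "GET /sqlmap/oracle/get_int.php?id=2%27 HTTP/1.1" 500 128 "-" "Mozilla/5.0"
10.0.0.5 - - [15/Sep/2011:10:00:05 +0000] "GET /sqlmap/oracle/get_int.php?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# ASCII digits only: \d would also accept non-ASCII Unicode digits.
INT_RE = re.compile(r'-?[0-9]+')


def flag_requests(log_text, param="id"):
    """Return {client_ip: [reasons]} for requests that look like injection probing."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore
        # parse_qs percent-decodes values, so %27 and %20 are seen as ' and space.
        query = urlsplit(m["target"]).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if not INT_RE.fullmatch(value):
                findings[m["ip"]].append(f"non-integer {param}: {value!r}")
        # sqlmap identifies itself with a "sqlmap/<version>" User-Agent by default.
        if m["ua"].lower().startswith("sqlmap/"):
            findings[m["ip"]].append("sqlmap default User-Agent")
    return dict(findings)


if __name__ == "__main__":
    for ip, reasons in flag_requests(SAMPLE_LOG).items():
        print(ip, reasons)
```

The User-Agent check only catches default settings, so the integer check on `id` is the more durable signal.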

That's all! See you.