*** Do NOT attack any computer or network without authorization or you may put into jail. ***Credit to : Bernardo
This is Bernardo's work but not mine. I re-post here for educational purpose only. It is because I enjoy his videos very much and I am afraid of losing them.
Original link is here.
Demonstration of sqlmap custom enumeration features: sqlmap is launched against a PHP test page hosted on a Debian GNU/Linux 5.0 server with back-end database management system being Oracle 10.2 Enterprise Edition.
The tool is instructed to identify possible SQL injections and exploit them by spawning a SQL shell where it is possible to provide custom SQL statements to be executed on the back-end database management system. sqlmap analyzes the provided SQL statement, decides which technique to use to execute it and proceeds accordingly.
Command
python sqlmap.py -u http://172.16.213.131/sqlmap/oracle/get_int.php?id=1 --sql-shell -v 2That's all! See you.