Sqlmap, Software For Exploiting Database Vulnerabilities

English

Sqlmap, software for exploiting database vulnerabilities.

It is used to detect and exploit database vulnerabilities and provides options for injecting malicious codes into them.

Sqlmap, software for exploiting database vulnerabilities.

It is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws providing its user interface in the terminal.

The software sqlmap is run at the command line and is available to download for different operating systems: Linux distributions, Windows and Mac OS operating systems.

In addition to mapping and detecting vulnerabilities, the software enables access to the database, editing and deleting data, and viewing data in tables such as users, passwords, backups, phone numbers, e-mail addresses, credit cards and other confidential and sensitive information.

sqlmap has full support for multiple DBMSs, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird and SAP MaxDB.

License:

Legal disclaimer: Usage of commix for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. The owner, this website assume no liability and are not responsible for any misuse or damage caused by this program or the usage of any tutorial on this website.

Sqlmap has full support for all injection techniques:

  • Boolean
  • Error
  • Stack
  • Time
  • Union

The standard use of the software in Kali Linux:

sqlmap -u "https://target.URL/files/file.php?id=1"

Press Enter, then wait.

OR ( target.URL, needs to be replaced and .php?id=1 can be changed to for example 51)

sqlmap -u "https://target.URL/file.php?id=51"

Press Enter, then wait.

Here is a short example of the output:

For more options, type:

sqlmap --help

Press Enter,

This tool is great for testing your own website for database vulnerabilities.

I couldn't find any exploitable vulnerabilities on my own site, using this tool.

NOTE: That if you want to test other people websites, make sure you have a legal contract to do so, before doing anything.

Developers website

Rate This: 
Average: 5 (1 vote)

Featured Sponsors

Games For Linux

Windows has always been the preferred platform for gaming, but after STEAM's interest in Linux more game developers are making their games natively available for Linux.

Disclaimer

All information on this website is published in good faith and for general educational purposes and for use in safe testing environments only. While linuxexperten.com strives to make the information on this site as accurate as possible, linuxexperten.com does not warrant its completeness, reliability and accuracy.

We are not responsible for any losses or damages associated with the use of our website. While we strive to provide only links to useful websites, we have no control over the content of these sites and links to other sites do not constitute a recommendation for all content contained on these websites.

 

Site Information

This is a professional review site that receives compensation from the companies whose products reviewed. Each service or product are thoroughly tested and given high marks if considered to be the very best. Independently owned and the opinions expressed here are no one elses.