sqlmap.md 793 B
sqlmap
Detect and exploit SQL injection flaws.
- Run sqlmap against a single target URL:
python sqlmap.py -u {{"http://www.target.com/vuln.php?id=1"}}
- Send data in a POST request (
--dataimplies POST request):
python sqlmap.py -u {{"http://www.target.com/vuln.php" --data={{"id=1"}}
- Change the parameter delimiter (& is the default):
python sqlmap.py -u {{"http://www.target.com/vuln.php"}} --data={{"query=foobar;id=1"}} --param-del={{";"}}
- Select a random
User-Agentfrom./txt/user-agents.txtand use it:
python sqlmap.py -u {{"http://www.target.com/vuln.php"}} --random-agent
- Provide user credentials for HTTP protocol authentication:
python sqlmap.py -u {{"http://www.target.com/vuln.php"}} --auth-type {{Basic}} --auth-cred {{"testuser:testpass"}}